Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2022-0853
Vulnerability from cvelistv5
Published
2022-03-11 17:54
Modified
2024-08-02 23:40
Severity ?
EPSS score ?
Summary
A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2060725 | Issue Tracking, Vendor Advisory | |
| secalert@redhat.com | https://github.com/ByteHackr/CVE-2022-0853 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2060725 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ByteHackr/CVE-2022-0853 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | jboss-client |
Version: 1.7 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T23:40:04.530Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/ByteHackr/CVE-2022-0853", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "jboss-client", vendor: "n/a", versions: [ { status: "affected", version: "1.7", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.", }, ], problemTypes: [ { descriptions: [ { description: "Memory Leakage", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-11T17:54:27", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/ByteHackr/CVE-2022-0853", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-0853", datePublished: "2022-03-11T17:54:27", dateReserved: "2022-03-04T00:00:00", dateUpdated: "2024-08-02T23:40:04.530Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2022-0853\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-03-11T18:15:25.737\",\"lastModified\":\"2024-11-21T06:39:31.913\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado un fallo en JBoss-client. La vulnerabilidad es producida debido a una pérdida de memoria en el lado del cliente de JBoss, cuando es usado UserTransaction repetidamente y conlleva a una vulnerabilidad de filtrado de información\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5863BBF-829E-44EF-ACE8-61D5037251F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72A54BDA-311C-413B-8E4D-388AD65A170A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A24CBFB-4900-47A5-88D2-A44C929603DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20A6B40D-F991-4712-8E30-5FE008505CB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2060725\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/ByteHackr/CVE-2022-0853\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2060725\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/ByteHackr/CVE-2022-0853\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}", }, }
rhsa-2022_7411
Vulnerability from csaf_redhat
Published
2022-11-03 14:55
Modified
2024-11-25 13:38
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 9
Notes
Topic
New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:7411", url: "https://access.redhat.com/errata/RHSA-2022:7411", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/articles/11258", url: "https://access.redhat.com/articles/11258", }, { category: "external", summary: "2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "2040268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", }, { category: "external", summary: "2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2115392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7411.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 9", tracking: { current_release_date: "2024-11-25T13:38:08+00:00", generator: { date: "2024-11-25T13:38:08+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:7411", initial_release_date: "2022-11-03T14:55:02+00:00", revision_history: [ { date: "2022-11-03T14:55:02+00:00", number: "1", summary: "Initial version", }, { date: "2022-11-03T14:55:02+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-25T13:38:08+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 9", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el9sso?arch=src", }, }, }, { category: "product_version", name: "rh-sso7-0:1-5.el9sso.src", product: { name: "rh-sso7-0:1-5.el9sso.src", product_id: "rh-sso7-0:1-5.el9sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7@1-5.el9sso?arch=src", }, }, }, { category: "product_version", name: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", product: { name: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", product_id: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-javapackages-tools@6.0.0-7.el9sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el9sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00001.1.el9sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", product: { name: "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", product_id: "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-javapackages-filesystem@6.0.0-7.el9sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", product: { name: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", product_id: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-javapackages-tools@6.0.0-7.el9sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", product: { name: "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", product_id: "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-python3-javapackages@6.0.0-7.el9sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "rh-sso7-0:1-5.el9sso.x86_64", product: { name: "rh-sso7-0:1-5.el9sso.x86_64", product_id: "rh-sso7-0:1-5.el9sso.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7@1-5.el9sso?arch=x86_64", }, }, }, { category: "product_version", name: "rh-sso7-runtime-0:1-5.el9sso.x86_64", product: { name: "rh-sso7-runtime-0:1-5.el9sso.x86_64", product_id: "rh-sso7-runtime-0:1-5.el9sso.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-runtime@1-5.el9sso?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-0:1-5.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", }, product_reference: "rh-sso7-0:1-5.el9sso.src", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-0:1-5.el9sso.x86_64 as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", }, product_reference: "rh-sso7-0:1-5.el9sso.x86_64", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", }, product_reference: "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", }, product_reference: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", }, product_reference: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", }, product_reference: "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-runtime-0:1-5.el9sso.x86_64 as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", }, product_reference: "rh-sso7-runtime-0:1-5.el9sso.x86_64", relates_to_product_reference: "9Base-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-42392", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2039403", }, ], notes: [ { category: "description", text: "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", title: "Vulnerability description", }, { category: "summary", text: "h2: Remote Code Execution in Console", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42392", }, { category: "external", summary: "RHBZ#2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42392", url: "https://www.cve.org/CVERecord?id=CVE-2021-42392", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", }, { category: "external", summary: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", url: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", }, ], release_date: "2022-01-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Remote Code Execution in Console", }, { cve: "CVE-2021-42575", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2021-11-29T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2027195", }, ], notes: [ { category: "description", text: "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", title: "Vulnerability description", }, { category: "summary", text: "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], known_not_affected: [ "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42575", }, { category: "external", summary: "RHBZ#2027195", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2027195", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42575", url: "https://www.cve.org/CVERecord?id=CVE-2021-42575", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", }, ], release_date: "2021-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", }, { cve: "CVE-2021-43797", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2021-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031958", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: control chars in header names may lead to HTTP request smuggling", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43797", }, { category: "external", summary: "RHBZ#2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43797", url: "https://www.cve.org/CVERecord?id=CVE-2021-43797", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", url: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: control chars in header names may lead to HTTP request smuggling", }, { cve: "CVE-2022-0084", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-03-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064226", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", title: "Vulnerability description", }, { category: "summary", text: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0084", }, { category: "external", summary: "RHBZ#2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0084", url: "https://www.cve.org/CVERecord?id=CVE-2022-0084", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", }, { acknowledgments: [ { names: [ "Johan Nilsson", ], organization: "NRMC team (Nasdaq)", }, ], cve: "CVE-2022-0225", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2022-01-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2040268", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Stored XSS in groups dropdown", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0225", }, { category: "external", summary: "RHBZ#2040268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0225", url: "https://www.cve.org/CVERecord?id=CVE-2022-0225", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", }, ], release_date: "2022-01-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Stored XSS in groups dropdown", }, { cve: "CVE-2022-0853", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060725", }, ], notes: [ { category: "description", text: "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "jboss-client: memory leakage in remote client transaction", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0853", }, { category: "external", summary: "RHBZ#2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0853", url: "https://www.cve.org/CVERecord?id=CVE-2022-0853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", }, ], release_date: "2022-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jboss-client: memory leakage in remote client transaction", }, { acknowledgments: [ { names: [ "Oliver Bieri", ], organization: "Schindler Elevator Ltd., Switzerland", }, ], cve: "CVE-2022-0866", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060929", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", title: "Vulnerability summary", }, { category: "other", text: "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0866", }, { category: "external", summary: "RHBZ#2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0866", url: "https://www.cve.org/CVERecord?id=CVE-2022-0866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", }, ], release_date: "2022-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, { category: "workaround", details: "In order to avoid the possibility of information access, review application source code for '@RunAs' and 'run-as-principal' usage. Also, make sure the application is using or not Elytron Security. It's possible to investigate by checking if the commands from '$JBOSS_HOME/docs/examples/enable-elytron.cli' or similar were executed.", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", }, { cve: "CVE-2022-1319", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073890", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1319", }, { category: "external", summary: "RHBZ#2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1319", url: "https://www.cve.org/CVERecord?id=CVE-2022-1319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", }, ], release_date: "2022-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", }, { acknowledgments: [ { names: [ "Marek Posolda", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2022-2668", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, discovery_date: "2022-08-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2115392", }, ], notes: [ { category: "description", text: "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2668", }, { category: "external", summary: "RHBZ#2115392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2668", url: "https://www.cve.org/CVERecord?id=CVE-2022-2668", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", }, ], release_date: "2022-08-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: "https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, ], }
RHSA-2022:7410
Vulnerability from csaf_redhat
Published
2022-11-03 14:54
Modified
2025-04-15 10:58
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 8
Notes
Topic
New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of none. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of none. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:7410", url: "https://access.redhat.com/errata/RHSA-2022:7410", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "2040268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", }, { category: "external", summary: "2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2115392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7410.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 8", tracking: { current_release_date: "2025-04-15T10:58:30+00:00", generator: { date: "2025-04-15T10:58:30+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2022:7410", initial_release_date: "2022-11-03T14:54:28+00:00", revision_history: [ { date: "2022-11-03T14:54:28+00:00", number: "1", summary: "Initial version", }, { date: "2022-11-03T14:54:28+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-15T10:58:30+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 8", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el8sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el8sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00001.1.el8sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", relates_to_product_reference: "8Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", relates_to_product_reference: "8Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", relates_to_product_reference: "8Base-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-42392", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2039403", }, ], notes: [ { category: "description", text: "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", title: "Vulnerability description", }, { category: "summary", text: "h2: Remote Code Execution in Console", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42392", }, { category: "external", summary: "RHBZ#2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42392", url: "https://www.cve.org/CVERecord?id=CVE-2021-42392", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", }, { category: "external", summary: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", url: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", }, ], release_date: "2022-01-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Remote Code Execution in Console", }, { cve: "CVE-2021-42575", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2021-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2027195", }, ], notes: [ { category: "description", text: "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", title: "Vulnerability description", }, { category: "summary", text: "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42575", }, { category: "external", summary: "RHBZ#2027195", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2027195", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42575", url: "https://www.cve.org/CVERecord?id=CVE-2021-42575", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", }, ], release_date: "2021-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", }, { cve: "CVE-2021-43797", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2021-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031958", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: control chars in header names may lead to HTTP request smuggling", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43797", }, { category: "external", summary: "RHBZ#2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43797", url: "https://www.cve.org/CVERecord?id=CVE-2021-43797", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", url: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: control chars in header names may lead to HTTP request smuggling", }, { cve: "CVE-2022-0084", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-03-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064226", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", title: "Vulnerability description", }, { category: "summary", text: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0084", }, { category: "external", summary: "RHBZ#2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0084", url: "https://www.cve.org/CVERecord?id=CVE-2022-0084", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", }, { acknowledgments: [ { names: [ "Johan Nilsson", ], organization: "NRMC team (Nasdaq)", }, ], cve: "CVE-2022-0225", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2022-01-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2040268", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Stored XSS in groups dropdown", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0225", }, { category: "external", summary: "RHBZ#2040268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0225", url: "https://www.cve.org/CVERecord?id=CVE-2022-0225", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", }, ], release_date: "2022-01-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Stored XSS in groups dropdown", }, { cve: "CVE-2022-0853", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060725", }, ], notes: [ { category: "description", text: "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "jboss-client: memory leakage in remote client transaction", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0853", }, { category: "external", summary: "RHBZ#2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0853", url: "https://www.cve.org/CVERecord?id=CVE-2022-0853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", }, ], release_date: "2022-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jboss-client: memory leakage in remote client transaction", }, { acknowledgments: [ { names: [ "Oliver Bieri", ], organization: "Schindler Elevator Ltd., Switzerland", }, ], cve: "CVE-2022-0866", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060929", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", title: "Vulnerability summary", }, { category: "other", text: "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0866", }, { category: "external", summary: "RHBZ#2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0866", url: "https://www.cve.org/CVERecord?id=CVE-2022-0866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", }, ], release_date: "2022-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, { category: "workaround", details: "In order to avoid the possibility of information access, review application source code for '@RunAs' and 'run-as-principal' usage. Also, make sure the application is using or not Elytron Security. It's possible to investigate by checking if the commands from '$JBOSS_HOME/docs/examples/enable-elytron.cli' or similar were executed.", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", }, { cve: "CVE-2022-1319", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073890", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1319", }, { category: "external", summary: "RHBZ#2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1319", url: "https://www.cve.org/CVERecord?id=CVE-2022-1319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", }, ], release_date: "2022-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", }, { acknowledgments: [ { names: [ "Marek Posolda", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2022-2668", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, discovery_date: "2022-08-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2115392", }, ], notes: [ { category: "description", text: "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2668", }, { category: "external", summary: "RHBZ#2115392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2668", url: "https://www.cve.org/CVERecord?id=CVE-2022-2668", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", }, ], release_date: "2022-08-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: "https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, ], }
rhsa-2022:4918
Vulnerability from csaf_redhat
Published
2022-06-06 15:54
Modified
2025-04-16 15:01
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)
* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)
* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)
* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)
* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:4918", url: "https://access.redhat.com/errata/RHSA-2022:4918", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "2004133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004133", }, { category: "external", summary: "2004135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004135", }, { category: "external", summary: "2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "2041472", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041472", }, { category: "external", summary: "2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "JBEAP-23120", url: "https://issues.redhat.com/browse/JBEAP-23120", }, { category: "external", summary: "JBEAP-23171", url: "https://issues.redhat.com/browse/JBEAP-23171", }, { category: "external", summary: "JBEAP-23194", url: "https://issues.redhat.com/browse/JBEAP-23194", }, { category: "external", summary: "JBEAP-23241", url: "https://issues.redhat.com/browse/JBEAP-23241", }, { category: "external", summary: "JBEAP-23299", url: "https://issues.redhat.com/browse/JBEAP-23299", }, { category: "external", summary: "JBEAP-23300", url: "https://issues.redhat.com/browse/JBEAP-23300", }, { category: "external", summary: "JBEAP-23312", url: "https://issues.redhat.com/browse/JBEAP-23312", }, { category: "external", summary: "JBEAP-23313", url: "https://issues.redhat.com/browse/JBEAP-23313", }, { category: "external", summary: "JBEAP-23336", url: "https://issues.redhat.com/browse/JBEAP-23336", }, { category: "external", summary: "JBEAP-23338", url: "https://issues.redhat.com/browse/JBEAP-23338", }, { category: "external", summary: "JBEAP-23339", url: "https://issues.redhat.com/browse/JBEAP-23339", }, { category: "external", summary: "JBEAP-23351", url: "https://issues.redhat.com/browse/JBEAP-23351", }, { category: "external", summary: "JBEAP-23353", url: "https://issues.redhat.com/browse/JBEAP-23353", }, { category: "external", summary: "JBEAP-23429", url: "https://issues.redhat.com/browse/JBEAP-23429", }, { category: "external", summary: "JBEAP-23432", url: "https://issues.redhat.com/browse/JBEAP-23432", }, { category: "external", summary: "JBEAP-23451", url: "https://issues.redhat.com/browse/JBEAP-23451", }, { category: "external", summary: "JBEAP-23531", url: "https://issues.redhat.com/browse/JBEAP-23531", }, { category: "external", summary: "JBEAP-23532", url: "https://issues.redhat.com/browse/JBEAP-23532", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4918.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7", tracking: { current_release_date: "2025-04-16T15:01:36+00:00", generator: { date: "2025-04-16T15:01:36+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2022:4918", initial_release_date: "2022-06-06T15:54:15+00:00", revision_history: [ { date: "2022-06-06T15:54:15+00:00", number: "1", summary: "Initial version", }, { date: "2022-06-06T15:54:15+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-16T15:01:36+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 7 Server", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", product: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", product_id: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", product: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", product_id: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", product: { name: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", product_id: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", product: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", product_id: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", product: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", product_id: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", product: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", product_id: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", product: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", product_id: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", product: { name: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", product_id: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.6-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", product: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", product_id: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", product: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", product_id: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", product: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", product_id: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", product: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", product_id: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", product: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", product_id: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", product: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", product_id: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", product_id: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", product: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", product_id: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", product: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", product_id: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el7eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", product: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", product_id: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", product: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", product_id: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.12-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_id: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product: { name: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_id: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-core@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product: { name: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_id: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product: { name: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_id: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-envers@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product: { name: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_id: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-java8@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", product: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", product_id: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jberet-core@1.3.9-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", product: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", product_id: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-16.Final_redhat_00015.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-16.Final_redhat_00015.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", product: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", product_id: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-all@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-buffer@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-http@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-common@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-handler@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-resolver@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-rxtx@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-udt@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", product: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", product_id: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el7eap?arch=x86_64", }, }, }, { category: "product_version", name: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", product: { name: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", product_id: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.72-1.Final_redhat_00001.1.el7eap?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", }, product_reference: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", }, product_reference: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", }, product_reference: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", }, product_reference: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", }, product_reference: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", }, product_reference: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", }, product_reference: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", }, product_reference: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", }, product_reference: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", }, product_reference: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", }, product_reference: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", }, product_reference: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", }, product_reference: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", }, product_reference: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", }, product_reference: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", }, product_reference: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", }, product_reference: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", }, product_reference: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", }, product_reference: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-37136", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-09-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2004133", }, ], notes: [ { category: "description", text: "A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data", title: "Vulnerability summary", }, { category: "other", text: "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37136", }, { category: "external", summary: "RHBZ#2004133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004133", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37136", url: "https://www.cve.org/CVERecord?id=CVE-2021-37136", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", url: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", }, ], release_date: "2021-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data", }, { cve: "CVE-2021-37137", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-09-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2004135", }, ], notes: [ { category: "description", text: "A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37137", }, { category: "external", summary: "RHBZ#2004135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004135", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37137", url: "https://www.cve.org/CVERecord?id=CVE-2021-37137", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", url: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", }, ], release_date: "2021-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way", }, { cve: "CVE-2021-42392", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-10T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2039403", }, ], notes: [ { category: "description", text: "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", title: "Vulnerability description", }, { category: "summary", text: "h2: Remote Code Execution in Console", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42392", }, { category: "external", summary: "RHBZ#2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42392", url: "https://www.cve.org/CVERecord?id=CVE-2021-42392", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", }, { category: "external", summary: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", url: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", }, ], release_date: "2022-01-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Remote Code Execution in Console", }, { cve: "CVE-2021-43797", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2021-12-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031958", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: control chars in header names may lead to HTTP request smuggling", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43797", }, { category: "external", summary: "RHBZ#2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43797", url: "https://www.cve.org/CVERecord?id=CVE-2021-43797", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", url: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: control chars in header names may lead to HTTP request smuggling", }, { cve: "CVE-2022-0084", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-03-15T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064226", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", title: "Vulnerability description", }, { category: "summary", text: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0084", }, { category: "external", summary: "RHBZ#2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0084", url: "https://www.cve.org/CVERecord?id=CVE-2022-0084", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", }, { cve: "CVE-2022-0853", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2022-03-04T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060725", }, ], notes: [ { category: "description", text: "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "jboss-client: memory leakage in remote client transaction", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0853", }, { category: "external", summary: "RHBZ#2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0853", url: "https://www.cve.org/CVERecord?id=CVE-2022-0853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", }, ], release_date: "2022-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jboss-client: memory leakage in remote client transaction", }, { acknowledgments: [ { names: [ "Oliver Bieri", ], organization: "Schindler Elevator Ltd., Switzerland", }, ], cve: "CVE-2022-0866", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-02T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060929", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", title: "Vulnerability summary", }, { category: "other", text: "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0866", }, { category: "external", summary: "RHBZ#2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0866", url: "https://www.cve.org/CVERecord?id=CVE-2022-0866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", }, ], release_date: "2022-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, { category: "workaround", details: "In order to avoid the possibility of information access, review application source code for '@RunAs' and 'run-as-principal' usage. Also, make sure the application is using or not Elytron Security. It's possible to investigate by checking if the commands from '$JBOSS_HOME/docs/examples/enable-elytron.cli' or similar were executed.", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", }, { cve: "CVE-2022-1319", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-04-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073890", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1319", }, { category: "external", summary: "RHBZ#2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1319", url: "https://www.cve.org/CVERecord?id=CVE-2022-1319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", }, ], release_date: "2022-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", }, { cve: "CVE-2022-21299", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2022-01-10T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2041472", }, ], notes: [ { category: "description", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "Vulnerability description", }, { category: "summary", text: "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21299", }, { category: "external", summary: "RHBZ#2041472", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041472", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21299", url: "https://www.cve.org/CVERecord?id=CVE-2022-21299", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", }, { cve: "CVE-2022-21363", cwe: { id: "CWE-280", name: "Improper Handling of Insufficient Permissions or Privileges ", }, discovery_date: "2022-01-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047343", }, ], notes: [ { category: "description", text: "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", title: "Vulnerability description", }, { category: "summary", text: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21363", }, { category: "external", summary: "RHBZ#2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21363", url: "https://www.cve.org/CVERecord?id=CVE-2022-21363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", }, { category: "external", summary: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", url: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", }, { cve: "CVE-2022-23221", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044596", }, ], notes: [ { category: "description", text: "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", title: "Vulnerability description", }, { category: "summary", text: "h2: Loading of custom classes from remote servers through JNDI", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23221", }, { category: "external", summary: "RHBZ#2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23221", url: "https://www.cve.org/CVERecord?id=CVE-2022-23221", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", }, { category: "external", summary: "https://github.com/advisories/GHSA-45hx-wfhj-473x", url: "https://github.com/advisories/GHSA-45hx-wfhj-473x", }, ], release_date: "2022-01-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Loading of custom classes from remote servers through JNDI", }, { acknowledgments: [ { names: [ "Sergey Temnikov", "Ziyi Luo", ], organization: "Amazon Corretto", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2022-23437", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2022-01-24T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047200", }, ], notes: [ { category: "description", text: "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", title: "Vulnerability description", }, { category: "summary", text: "xerces-j2: infinite loop when handling specially crafted XML document payloads", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23437", }, { category: "external", summary: "RHBZ#2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23437", url: "https://www.cve.org/CVERecord?id=CVE-2022-23437", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", }, ], release_date: "2022-01-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xerces-j2: infinite loop when handling specially crafted XML document payloads", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: "https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, { cve: "CVE-2022-24785", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-04-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2072009", }, ], notes: [ { category: "description", text: "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", title: "Vulnerability description", }, { category: "summary", text: "Moment.js: Path traversal in moment.locale", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24785", }, { category: "external", summary: "RHBZ#2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24785", url: "https://www.cve.org/CVERecord?id=CVE-2022-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", url: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", }, ], release_date: "2022-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, { category: "workaround", details: "Sanitize the user-provided locale name before passing it to Moment.js.", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Moment.js: Path traversal in moment.locale", }, ], }
rhsa-2022_7409
Vulnerability from csaf_redhat
Published
2022-11-03 14:54
Modified
2024-11-25 13:38
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 7
Notes
Topic
New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:7409", url: "https://access.redhat.com/errata/RHSA-2022:7409", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "2040268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", }, { category: "external", summary: "2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2115392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7409.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 7", tracking: { current_release_date: "2024-11-25T13:38:01+00:00", generator: { date: "2024-11-25T13:38:01+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:7409", initial_release_date: "2022-11-03T14:54:26+00:00", revision_history: [ { date: "2022-11-03T14:54:26+00:00", number: "1", summary: "Initial version", }, { date: "2022-11-03T14:54:26+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-25T13:38:01+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 7 Server", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el7sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el7sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00001.1.el7sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", relates_to_product_reference: "7Server-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", relates_to_product_reference: "7Server-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", relates_to_product_reference: "7Server-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-42392", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2039403", }, ], notes: [ { category: "description", text: "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", title: "Vulnerability description", }, { category: "summary", text: "h2: Remote Code Execution in Console", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42392", }, { category: "external", summary: "RHBZ#2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42392", url: "https://www.cve.org/CVERecord?id=CVE-2021-42392", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", }, { category: "external", summary: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", url: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", }, ], release_date: "2022-01-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Remote Code Execution in Console", }, { cve: "CVE-2021-42575", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2021-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2027195", }, ], notes: [ { category: "description", text: "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", title: "Vulnerability description", }, { category: "summary", text: "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42575", }, { category: "external", summary: "RHBZ#2027195", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2027195", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42575", url: "https://www.cve.org/CVERecord?id=CVE-2021-42575", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", }, ], release_date: "2021-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", }, { cve: "CVE-2021-43797", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2021-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031958", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: control chars in header names may lead to HTTP request smuggling", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43797", }, { category: "external", summary: "RHBZ#2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43797", url: "https://www.cve.org/CVERecord?id=CVE-2021-43797", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", url: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: control chars in header names may lead to HTTP request smuggling", }, { cve: "CVE-2022-0084", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-03-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064226", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", title: "Vulnerability description", }, { category: "summary", text: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0084", }, { category: "external", summary: "RHBZ#2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0084", url: "https://www.cve.org/CVERecord?id=CVE-2022-0084", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", }, { acknowledgments: [ { names: [ "Johan Nilsson", ], organization: "NRMC team (Nasdaq)", }, ], cve: "CVE-2022-0225", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2022-01-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2040268", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Stored XSS in groups dropdown", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0225", }, { category: "external", summary: "RHBZ#2040268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0225", url: "https://www.cve.org/CVERecord?id=CVE-2022-0225", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", }, ], release_date: "2022-01-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Stored XSS in groups dropdown", }, { cve: "CVE-2022-0853", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060725", }, ], notes: [ { category: "description", text: "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "jboss-client: memory leakage in remote client transaction", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0853", }, { category: "external", summary: "RHBZ#2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0853", url: "https://www.cve.org/CVERecord?id=CVE-2022-0853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", }, ], release_date: "2022-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jboss-client: memory leakage in remote client transaction", }, { acknowledgments: [ { names: [ "Oliver Bieri", ], organization: "Schindler Elevator Ltd., Switzerland", }, ], cve: "CVE-2022-0866", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060929", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", title: "Vulnerability summary", }, { category: "other", text: "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0866", }, { category: "external", summary: "RHBZ#2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0866", url: "https://www.cve.org/CVERecord?id=CVE-2022-0866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", }, ], release_date: "2022-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, { category: "workaround", details: "In order to avoid the possibility of information access, review application source code for '@RunAs' and 'run-as-principal' usage. Also, make sure the application is using or not Elytron Security. It's possible to investigate by checking if the commands from '$JBOSS_HOME/docs/examples/enable-elytron.cli' or similar were executed.", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", }, { cve: "CVE-2022-1319", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073890", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1319", }, { category: "external", summary: "RHBZ#2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1319", url: "https://www.cve.org/CVERecord?id=CVE-2022-1319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", }, ], release_date: "2022-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", }, { acknowledgments: [ { names: [ "Marek Posolda", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2022-2668", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, discovery_date: "2022-08-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2115392", }, ], notes: [ { category: "description", text: "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2668", }, { category: "external", summary: "RHBZ#2115392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2668", url: "https://www.cve.org/CVERecord?id=CVE-2022-2668", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", }, ], release_date: "2022-08-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: "https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, ], }
rhsa-2022:7410
Vulnerability from csaf_redhat
Published
2022-11-03 14:54
Modified
2025-04-15 10:58
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 8
Notes
Topic
New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of none. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of none. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:7410", url: "https://access.redhat.com/errata/RHSA-2022:7410", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "2040268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", }, { category: "external", summary: "2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2115392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7410.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 8", tracking: { current_release_date: "2025-04-15T10:58:30+00:00", generator: { date: "2025-04-15T10:58:30+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2022:7410", initial_release_date: "2022-11-03T14:54:28+00:00", revision_history: [ { date: "2022-11-03T14:54:28+00:00", number: "1", summary: "Initial version", }, { date: "2022-11-03T14:54:28+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-15T10:58:30+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 8", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el8sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el8sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00001.1.el8sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", relates_to_product_reference: "8Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", relates_to_product_reference: "8Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", relates_to_product_reference: "8Base-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-42392", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2039403", }, ], notes: [ { category: "description", text: "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", title: "Vulnerability description", }, { category: "summary", text: "h2: Remote Code Execution in Console", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42392", }, { category: "external", summary: "RHBZ#2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42392", url: "https://www.cve.org/CVERecord?id=CVE-2021-42392", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", }, { category: "external", summary: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", url: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", }, ], release_date: "2022-01-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Remote Code Execution in Console", }, { cve: "CVE-2021-42575", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2021-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2027195", }, ], notes: [ { category: "description", text: "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", title: "Vulnerability description", }, { category: "summary", text: "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42575", }, { category: "external", summary: "RHBZ#2027195", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2027195", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42575", url: "https://www.cve.org/CVERecord?id=CVE-2021-42575", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", }, ], release_date: "2021-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", }, { cve: "CVE-2021-43797", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2021-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031958", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: control chars in header names may lead to HTTP request smuggling", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43797", }, { category: "external", summary: "RHBZ#2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43797", url: "https://www.cve.org/CVERecord?id=CVE-2021-43797", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", url: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: control chars in header names may lead to HTTP request smuggling", }, { cve: "CVE-2022-0084", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-03-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064226", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", title: "Vulnerability description", }, { category: "summary", text: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0084", }, { category: "external", summary: "RHBZ#2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0084", url: "https://www.cve.org/CVERecord?id=CVE-2022-0084", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", }, { acknowledgments: [ { names: [ "Johan Nilsson", ], organization: "NRMC team (Nasdaq)", }, ], cve: "CVE-2022-0225", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2022-01-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2040268", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Stored XSS in groups dropdown", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0225", }, { category: "external", summary: "RHBZ#2040268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0225", url: "https://www.cve.org/CVERecord?id=CVE-2022-0225", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", }, ], release_date: "2022-01-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Stored XSS in groups dropdown", }, { cve: "CVE-2022-0853", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060725", }, ], notes: [ { category: "description", text: "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "jboss-client: memory leakage in remote client transaction", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0853", }, { category: "external", summary: "RHBZ#2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0853", url: "https://www.cve.org/CVERecord?id=CVE-2022-0853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", }, ], release_date: "2022-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jboss-client: memory leakage in remote client transaction", }, { acknowledgments: [ { names: [ "Oliver Bieri", ], organization: "Schindler Elevator Ltd., Switzerland", }, ], cve: "CVE-2022-0866", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060929", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", title: "Vulnerability summary", }, { category: "other", text: "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0866", }, { category: "external", summary: "RHBZ#2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0866", url: "https://www.cve.org/CVERecord?id=CVE-2022-0866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", }, ], release_date: "2022-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, { category: "workaround", details: "In order to avoid the possibility of information access, review application source code for '@RunAs' and 'run-as-principal' usage. Also, make sure the application is using or not Elytron Security. It's possible to investigate by checking if the commands from '$JBOSS_HOME/docs/examples/enable-elytron.cli' or similar were executed.", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", }, { cve: "CVE-2022-1319", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073890", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1319", }, { category: "external", summary: "RHBZ#2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1319", url: "https://www.cve.org/CVERecord?id=CVE-2022-1319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", }, ], release_date: "2022-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", }, { acknowledgments: [ { names: [ "Marek Posolda", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2022-2668", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, discovery_date: "2022-08-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2115392", }, ], notes: [ { category: "description", text: "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2668", }, { category: "external", summary: "RHBZ#2115392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2668", url: "https://www.cve.org/CVERecord?id=CVE-2022-2668", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", }, ], release_date: "2022-08-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: "https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, ], }
rhsa-2022:4919
Vulnerability from csaf_redhat
Published
2022-06-06 16:00
Modified
2025-04-16 15:01
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)
* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)
* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)
* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)
* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:4919", url: "https://access.redhat.com/errata/RHSA-2022:4919", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "2004133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004133", }, { category: "external", summary: "2004135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004135", }, { category: "external", summary: "2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "2041472", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041472", }, { category: "external", summary: "2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "JBEAP-23121", url: "https://issues.redhat.com/browse/JBEAP-23121", }, { category: "external", summary: "JBEAP-23171", url: "https://issues.redhat.com/browse/JBEAP-23171", }, { category: "external", summary: "JBEAP-23194", url: "https://issues.redhat.com/browse/JBEAP-23194", }, { category: "external", summary: "JBEAP-23241", url: "https://issues.redhat.com/browse/JBEAP-23241", }, { category: "external", summary: "JBEAP-23299", url: "https://issues.redhat.com/browse/JBEAP-23299", }, { category: "external", summary: "JBEAP-23300", url: "https://issues.redhat.com/browse/JBEAP-23300", }, { category: "external", summary: "JBEAP-23312", url: "https://issues.redhat.com/browse/JBEAP-23312", }, { category: "external", summary: "JBEAP-23313", url: "https://issues.redhat.com/browse/JBEAP-23313", }, { category: "external", summary: "JBEAP-23336", url: "https://issues.redhat.com/browse/JBEAP-23336", }, { category: "external", summary: "JBEAP-23338", url: "https://issues.redhat.com/browse/JBEAP-23338", }, { category: "external", summary: "JBEAP-23339", url: "https://issues.redhat.com/browse/JBEAP-23339", }, { category: "external", summary: "JBEAP-23351", url: "https://issues.redhat.com/browse/JBEAP-23351", }, { category: "external", summary: "JBEAP-23353", url: "https://issues.redhat.com/browse/JBEAP-23353", }, { category: "external", summary: "JBEAP-23429", url: "https://issues.redhat.com/browse/JBEAP-23429", }, { category: "external", summary: "JBEAP-23432", url: "https://issues.redhat.com/browse/JBEAP-23432", }, { category: "external", summary: "JBEAP-23451", url: "https://issues.redhat.com/browse/JBEAP-23451", }, { category: "external", summary: "JBEAP-23531", url: "https://issues.redhat.com/browse/JBEAP-23531", }, { category: "external", summary: "JBEAP-23532", url: "https://issues.redhat.com/browse/JBEAP-23532", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4919.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8", tracking: { current_release_date: "2025-04-16T15:01:27+00:00", generator: { date: "2025-04-16T15:01:27+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2022:4919", initial_release_date: "2022-06-06T16:00:48+00:00", revision_history: [ { date: "2022-06-06T16:00:48+00:00", number: "1", summary: "Initial version", }, { date: "2022-06-06T16:00:48+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-16T15:01:27+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 8", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", product: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", product_id: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", product: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", product_id: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", product: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", product_id: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", product: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", product_id: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", product: { name: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", product_id: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.6-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", product: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", product_id: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", product: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", product_id: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", product: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", product_id: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", product: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", product_id: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", product: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", product_id: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", product: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", product_id: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", product: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", product_id: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", product: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", product_id: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", product_id: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", product: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", product_id: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el8eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", product: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", product_id: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", product: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", product_id: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.12-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_id: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product: { name: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_id: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-core@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product: { name: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_id: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product: { name: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_id: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-envers@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product: { name: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_id: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-java8@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", product: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", product_id: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", product: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", product_id: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jberet-core@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", product: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", product_id: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-all@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-buffer@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-http@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-common@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-handler@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-resolver@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-rxtx@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-udt@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", product: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", product_id: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el8eap?arch=x86_64", }, }, }, { category: "product_version", name: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", product: { name: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", product_id: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.72-1.Final_redhat_00001.1.el8eap?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", }, product_reference: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", }, product_reference: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", }, product_reference: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", }, product_reference: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", }, product_reference: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", }, product_reference: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", }, product_reference: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", }, product_reference: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", }, product_reference: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", }, product_reference: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", }, product_reference: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", }, product_reference: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", }, product_reference: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", }, product_reference: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", }, product_reference: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", }, product_reference: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", }, product_reference: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-37136", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-09-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2004133", }, ], notes: [ { category: "description", text: "A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data", title: "Vulnerability summary", }, { category: "other", text: "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37136", }, { category: "external", summary: "RHBZ#2004133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004133", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37136", url: "https://www.cve.org/CVERecord?id=CVE-2021-37136", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", url: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", }, ], release_date: "2021-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data", }, { cve: "CVE-2021-37137", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-09-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2004135", }, ], notes: [ { category: "description", text: "A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37137", }, { category: "external", summary: "RHBZ#2004135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004135", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37137", url: "https://www.cve.org/CVERecord?id=CVE-2021-37137", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", url: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", }, ], release_date: "2021-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way", }, { cve: "CVE-2021-42392", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-10T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2039403", }, ], notes: [ { category: "description", text: "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", title: "Vulnerability description", }, { category: "summary", text: "h2: Remote Code Execution in Console", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42392", }, { category: "external", summary: "RHBZ#2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42392", url: "https://www.cve.org/CVERecord?id=CVE-2021-42392", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", }, { category: "external", summary: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", url: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", }, ], release_date: "2022-01-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Remote Code Execution in Console", }, { cve: "CVE-2021-43797", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2021-12-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031958", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: control chars in header names may lead to HTTP request smuggling", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43797", }, { category: "external", summary: "RHBZ#2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43797", url: "https://www.cve.org/CVERecord?id=CVE-2021-43797", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", url: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: control chars in header names may lead to HTTP request smuggling", }, { cve: "CVE-2022-0084", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-03-15T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064226", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", title: "Vulnerability description", }, { category: "summary", text: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0084", }, { category: "external", summary: "RHBZ#2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0084", url: "https://www.cve.org/CVERecord?id=CVE-2022-0084", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", }, { cve: "CVE-2022-0853", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2022-03-04T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060725", }, ], notes: [ { category: "description", text: "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "jboss-client: memory leakage in remote client transaction", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0853", }, { category: "external", summary: "RHBZ#2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0853", url: "https://www.cve.org/CVERecord?id=CVE-2022-0853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", }, ], release_date: "2022-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jboss-client: memory leakage in remote client transaction", }, { acknowledgments: [ { names: [ "Oliver Bieri", ], organization: "Schindler Elevator Ltd., Switzerland", }, ], cve: "CVE-2022-0866", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-02T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060929", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", title: "Vulnerability summary", }, { category: "other", text: "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0866", }, { category: "external", summary: "RHBZ#2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0866", url: "https://www.cve.org/CVERecord?id=CVE-2022-0866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", }, ], release_date: "2022-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, { category: "workaround", details: "In order to avoid the possibility of information access, review application source code for '@RunAs' and 'run-as-principal' usage. Also, make sure the application is using or not Elytron Security. It's possible to investigate by checking if the commands from '$JBOSS_HOME/docs/examples/enable-elytron.cli' or similar were executed.", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", }, { cve: "CVE-2022-1319", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-04-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073890", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1319", }, { category: "external", summary: "RHBZ#2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1319", url: "https://www.cve.org/CVERecord?id=CVE-2022-1319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", }, ], release_date: "2022-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", }, { cve: "CVE-2022-21299", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2022-01-10T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2041472", }, ], notes: [ { category: "description", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "Vulnerability description", }, { category: "summary", text: "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21299", }, { category: "external", summary: "RHBZ#2041472", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041472", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21299", url: "https://www.cve.org/CVERecord?id=CVE-2022-21299", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", }, { cve: "CVE-2022-21363", cwe: { id: "CWE-280", name: "Improper Handling of Insufficient Permissions or Privileges ", }, discovery_date: "2022-01-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047343", }, ], notes: [ { category: "description", text: "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", title: "Vulnerability description", }, { category: "summary", text: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21363", }, { category: "external", summary: "RHBZ#2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21363", url: "https://www.cve.org/CVERecord?id=CVE-2022-21363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", }, { category: "external", summary: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", url: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", }, { cve: "CVE-2022-23221", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044596", }, ], notes: [ { category: "description", text: "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", title: "Vulnerability description", }, { category: "summary", text: "h2: Loading of custom classes from remote servers through JNDI", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23221", }, { category: "external", summary: "RHBZ#2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23221", url: "https://www.cve.org/CVERecord?id=CVE-2022-23221", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", }, { category: "external", summary: "https://github.com/advisories/GHSA-45hx-wfhj-473x", url: "https://github.com/advisories/GHSA-45hx-wfhj-473x", }, ], release_date: "2022-01-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Loading of custom classes from remote servers through JNDI", }, { acknowledgments: [ { names: [ "Sergey Temnikov", "Ziyi Luo", ], organization: "Amazon Corretto", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2022-23437", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2022-01-24T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047200", }, ], notes: [ { category: "description", text: "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", title: "Vulnerability description", }, { category: "summary", text: "xerces-j2: infinite loop when handling specially crafted XML document payloads", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23437", }, { category: "external", summary: "RHBZ#2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23437", url: "https://www.cve.org/CVERecord?id=CVE-2022-23437", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", }, ], release_date: "2022-01-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xerces-j2: infinite loop when handling specially crafted XML document payloads", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: "https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, { cve: "CVE-2022-24785", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-04-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2072009", }, ], notes: [ { category: "description", text: "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", title: "Vulnerability description", }, { category: "summary", text: "Moment.js: Path traversal in moment.locale", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24785", }, { category: "external", summary: "RHBZ#2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24785", url: "https://www.cve.org/CVERecord?id=CVE-2022-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", url: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", }, ], release_date: "2022-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, { category: "workaround", details: "Sanitize the user-provided locale name before passing it to Moment.js.", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Moment.js: Path traversal in moment.locale", }, ], }
RHSA-2022:4922
Vulnerability from csaf_redhat
Published
2022-06-06 15:11
Modified
2025-04-16 15:01
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)
* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)
* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)
* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)
* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:4922", url: "https://access.redhat.com/errata/RHSA-2022:4922", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "2004133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004133", }, { category: "external", summary: "2004135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004135", }, { category: "external", summary: "2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "2041472", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041472", }, { category: "external", summary: "2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "JBEAP-23171", url: "https://issues.redhat.com/browse/JBEAP-23171", }, { category: "external", summary: "JBEAP-23194", url: "https://issues.redhat.com/browse/JBEAP-23194", }, { category: "external", summary: "JBEAP-23241", url: "https://issues.redhat.com/browse/JBEAP-23241", }, { category: "external", summary: "JBEAP-23299", url: "https://issues.redhat.com/browse/JBEAP-23299", }, { category: "external", summary: "JBEAP-23300", url: "https://issues.redhat.com/browse/JBEAP-23300", }, { category: "external", summary: "JBEAP-23312", url: "https://issues.redhat.com/browse/JBEAP-23312", }, { category: "external", summary: "JBEAP-23313", url: "https://issues.redhat.com/browse/JBEAP-23313", }, { category: "external", summary: "JBEAP-23336", url: "https://issues.redhat.com/browse/JBEAP-23336", }, { category: "external", summary: "JBEAP-23338", url: "https://issues.redhat.com/browse/JBEAP-23338", }, { category: "external", summary: "JBEAP-23339", url: "https://issues.redhat.com/browse/JBEAP-23339", }, { category: "external", summary: "JBEAP-23351", url: "https://issues.redhat.com/browse/JBEAP-23351", }, { category: "external", summary: "JBEAP-23353", url: "https://issues.redhat.com/browse/JBEAP-23353", }, { category: "external", summary: "JBEAP-23429", url: "https://issues.redhat.com/browse/JBEAP-23429", }, { category: "external", summary: "JBEAP-23432", url: "https://issues.redhat.com/browse/JBEAP-23432", }, { category: "external", summary: "JBEAP-23451", url: "https://issues.redhat.com/browse/JBEAP-23451", }, { category: "external", summary: "JBEAP-23531", url: "https://issues.redhat.com/browse/JBEAP-23531", }, { category: "external", summary: "JBEAP-23532", url: "https://issues.redhat.com/browse/JBEAP-23532", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4922.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update", tracking: { current_release_date: "2025-04-16T15:01:19+00:00", generator: { date: "2025-04-16T15:01:19+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2022:4922", initial_release_date: "2022-06-06T15:11:31+00:00", revision_history: [ { date: "2022-06-06T15:11:31+00:00", number: "1", summary: "Initial version", }, { date: "2022-06-06T15:11:31+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-16T15:01:19+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 7", product: { name: "Red Hat JBoss Enterprise Application Platform 7", product_id: "Red Hat JBoss Enterprise Application Platform 7", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-37136", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2004133", }, ], notes: [ { category: "description", text: "A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data", title: "Vulnerability summary", }, { category: "other", text: "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37136", }, { category: "external", summary: "RHBZ#2004133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004133", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37136", url: "https://www.cve.org/CVERecord?id=CVE-2021-37136", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", url: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", }, ], release_date: "2021-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data", }, { cve: "CVE-2021-37137", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2004135", }, ], notes: [ { category: "description", text: "A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37137", }, { category: "external", summary: "RHBZ#2004135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004135", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37137", url: "https://www.cve.org/CVERecord?id=CVE-2021-37137", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", url: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", }, ], release_date: "2021-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way", }, { cve: "CVE-2021-42392", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2039403", }, ], notes: [ { category: "description", text: "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", title: "Vulnerability description", }, { category: "summary", text: "h2: Remote Code Execution in Console", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42392", }, { category: "external", summary: "RHBZ#2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42392", url: "https://www.cve.org/CVERecord?id=CVE-2021-42392", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", }, { category: "external", summary: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", url: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", }, ], release_date: "2022-01-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Remote Code Execution in Console", }, { cve: "CVE-2021-43797", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2021-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031958", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: control chars in header names may lead to HTTP request smuggling", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43797", }, { category: "external", summary: "RHBZ#2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43797", url: "https://www.cve.org/CVERecord?id=CVE-2021-43797", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", url: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: control chars in header names may lead to HTTP request smuggling", }, { cve: "CVE-2022-0084", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-03-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064226", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", title: "Vulnerability description", }, { category: "summary", text: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0084", }, { category: "external", summary: "RHBZ#2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0084", url: "https://www.cve.org/CVERecord?id=CVE-2022-0084", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", }, { cve: "CVE-2022-0853", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060725", }, ], notes: [ { category: "description", text: "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "jboss-client: memory leakage in remote client transaction", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0853", }, { category: "external", summary: "RHBZ#2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0853", url: "https://www.cve.org/CVERecord?id=CVE-2022-0853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", }, ], release_date: "2022-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jboss-client: memory leakage in remote client transaction", }, { acknowledgments: [ { names: [ "Oliver Bieri", ], organization: "Schindler Elevator Ltd., Switzerland", }, ], cve: "CVE-2022-0866", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060929", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", title: "Vulnerability summary", }, { category: "other", text: "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0866", }, { category: "external", summary: "RHBZ#2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0866", url: "https://www.cve.org/CVERecord?id=CVE-2022-0866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", }, ], release_date: "2022-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, { category: "workaround", details: "In order to avoid the possibility of information access, review application source code for '@RunAs' and 'run-as-principal' usage. Also, make sure the application is using or not Elytron Security. It's possible to investigate by checking if the commands from '$JBOSS_HOME/docs/examples/enable-elytron.cli' or similar were executed.", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", }, { cve: "CVE-2022-1319", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073890", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1319", }, { category: "external", summary: "RHBZ#2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1319", url: "https://www.cve.org/CVERecord?id=CVE-2022-1319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", }, ], release_date: "2022-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", }, { cve: "CVE-2022-21299", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2022-01-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2041472", }, ], notes: [ { category: "description", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "Vulnerability description", }, { category: "summary", text: "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21299", }, { category: "external", summary: "RHBZ#2041472", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041472", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21299", url: "https://www.cve.org/CVERecord?id=CVE-2022-21299", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", }, { cve: "CVE-2022-21363", cwe: { id: "CWE-280", name: "Improper Handling of Insufficient Permissions or Privileges ", }, discovery_date: "2022-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047343", }, ], notes: [ { category: "description", text: "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", title: "Vulnerability description", }, { category: "summary", text: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21363", }, { category: "external", summary: "RHBZ#2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21363", url: "https://www.cve.org/CVERecord?id=CVE-2022-21363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", }, { category: "external", summary: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", url: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", }, { cve: "CVE-2022-23221", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044596", }, ], notes: [ { category: "description", text: "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", title: "Vulnerability description", }, { category: "summary", text: "h2: Loading of custom classes from remote servers through JNDI", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23221", }, { category: "external", summary: "RHBZ#2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23221", url: "https://www.cve.org/CVERecord?id=CVE-2022-23221", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", }, { category: "external", summary: "https://github.com/advisories/GHSA-45hx-wfhj-473x", url: "https://github.com/advisories/GHSA-45hx-wfhj-473x", }, ], release_date: "2022-01-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Loading of custom classes from remote servers through JNDI", }, { acknowledgments: [ { names: [ "Sergey Temnikov", "Ziyi Luo", ], organization: "Amazon Corretto", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2022-23437", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2022-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047200", }, ], notes: [ { category: "description", text: "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", title: "Vulnerability description", }, { category: "summary", text: "xerces-j2: infinite loop when handling specially crafted XML document payloads", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23437", }, { category: "external", summary: "RHBZ#2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23437", url: "https://www.cve.org/CVERecord?id=CVE-2022-23437", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", }, ], release_date: "2022-01-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xerces-j2: infinite loop when handling specially crafted XML document payloads", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: "https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, { cve: "CVE-2022-24785", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-04-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2072009", }, ], notes: [ { category: "description", text: "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", title: "Vulnerability description", }, { category: "summary", text: "Moment.js: Path traversal in moment.locale", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24785", }, { category: "external", summary: "RHBZ#2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24785", url: "https://www.cve.org/CVERecord?id=CVE-2022-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", url: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", }, ], release_date: "2022-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, { category: "workaround", details: "Sanitize the user-provided locale name before passing it to Moment.js.", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Moment.js: Path traversal in moment.locale", }, ], }
rhsa-2022_4919
Vulnerability from csaf_redhat
Published
2022-06-06 16:00
Modified
2024-12-20 23:49
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)
* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)
* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)
* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)
* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:4919", url: "https://access.redhat.com/errata/RHSA-2022:4919", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "2004133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004133", }, { category: "external", summary: "2004135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004135", }, { category: "external", summary: "2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "2041472", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041472", }, { category: "external", summary: "2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "JBEAP-23121", url: "https://issues.redhat.com/browse/JBEAP-23121", }, { category: "external", summary: "JBEAP-23171", url: "https://issues.redhat.com/browse/JBEAP-23171", }, { category: "external", summary: "JBEAP-23194", url: "https://issues.redhat.com/browse/JBEAP-23194", }, { category: "external", summary: "JBEAP-23241", url: "https://issues.redhat.com/browse/JBEAP-23241", }, { category: "external", summary: "JBEAP-23299", url: "https://issues.redhat.com/browse/JBEAP-23299", }, { category: "external", summary: "JBEAP-23300", url: "https://issues.redhat.com/browse/JBEAP-23300", }, { category: "external", summary: "JBEAP-23312", url: "https://issues.redhat.com/browse/JBEAP-23312", }, { category: "external", summary: "JBEAP-23313", url: "https://issues.redhat.com/browse/JBEAP-23313", }, { category: "external", summary: "JBEAP-23336", url: "https://issues.redhat.com/browse/JBEAP-23336", }, { category: "external", summary: "JBEAP-23338", url: "https://issues.redhat.com/browse/JBEAP-23338", }, { category: "external", summary: "JBEAP-23339", url: "https://issues.redhat.com/browse/JBEAP-23339", }, { category: "external", summary: "JBEAP-23351", url: "https://issues.redhat.com/browse/JBEAP-23351", }, { category: "external", summary: "JBEAP-23353", url: "https://issues.redhat.com/browse/JBEAP-23353", }, { category: "external", summary: "JBEAP-23429", url: "https://issues.redhat.com/browse/JBEAP-23429", }, { category: "external", summary: "JBEAP-23432", url: "https://issues.redhat.com/browse/JBEAP-23432", }, { category: "external", summary: "JBEAP-23451", url: "https://issues.redhat.com/browse/JBEAP-23451", }, { category: "external", summary: "JBEAP-23531", url: "https://issues.redhat.com/browse/JBEAP-23531", }, { category: "external", summary: "JBEAP-23532", url: "https://issues.redhat.com/browse/JBEAP-23532", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4919.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8", tracking: { current_release_date: "2024-12-20T23:49:28+00:00", generator: { date: "2024-12-20T23:49:28+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.4", }, }, id: "RHSA-2022:4919", initial_release_date: "2022-06-06T16:00:48+00:00", revision_history: [ { date: "2022-06-06T16:00:48+00:00", number: "1", summary: "Initial version", }, { date: "2022-06-06T16:00:48+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-20T23:49:28+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 8", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", product: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", product_id: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", product: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", product_id: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", product: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", product_id: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", product: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", product_id: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", product: { name: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", product_id: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.6-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", product: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", product_id: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", product: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", product_id: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", product: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", product_id: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", product: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", product_id: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", product: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", product_id: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", product: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", product_id: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", product: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", product_id: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", product: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", product_id: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", product_id: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", product: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", product_id: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el8eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", product: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", product_id: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", product: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", product_id: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.12-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_id: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product: { name: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_id: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-core@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product: { name: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_id: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product: { name: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_id: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-envers@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product: { name: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_id: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-java8@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", product: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", product_id: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", product: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", product_id: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jberet-core@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", product: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", product_id: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-all@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-buffer@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-http@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-common@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-handler@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-resolver@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-rxtx@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-udt@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", product: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", product_id: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el8eap?arch=x86_64", }, }, }, { category: "product_version", name: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", product: { name: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", product_id: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.72-1.Final_redhat_00001.1.el8eap?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", }, product_reference: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", }, product_reference: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", }, product_reference: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", }, product_reference: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", }, product_reference: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", }, product_reference: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", }, product_reference: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", }, product_reference: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", }, product_reference: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", }, product_reference: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", }, product_reference: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", }, product_reference: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", }, product_reference: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", }, product_reference: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", }, product_reference: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", }, product_reference: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", }, product_reference: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-37136", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-09-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2004133", }, ], notes: [ { category: "description", text: "A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data", title: "Vulnerability summary", }, { category: "other", text: "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37136", }, { category: "external", summary: "RHBZ#2004133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004133", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37136", url: "https://www.cve.org/CVERecord?id=CVE-2021-37136", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", url: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", }, ], release_date: "2021-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data", }, { cve: "CVE-2021-37137", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-09-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2004135", }, ], notes: [ { category: "description", text: "A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37137", }, { category: "external", summary: "RHBZ#2004135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004135", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37137", url: "https://www.cve.org/CVERecord?id=CVE-2021-37137", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", url: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", }, ], release_date: "2021-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way", }, { cve: "CVE-2021-42392", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-10T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2039403", }, ], notes: [ { category: "description", text: "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", title: "Vulnerability description", }, { category: "summary", text: "h2: Remote Code Execution in Console", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42392", }, { category: "external", summary: "RHBZ#2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42392", url: "https://www.cve.org/CVERecord?id=CVE-2021-42392", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", }, { category: "external", summary: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", url: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", }, ], release_date: "2022-01-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Remote Code Execution in Console", }, { cve: "CVE-2021-43797", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2021-12-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031958", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: control chars in header names may lead to HTTP request smuggling", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43797", }, { category: "external", summary: "RHBZ#2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43797", url: "https://www.cve.org/CVERecord?id=CVE-2021-43797", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", url: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: control chars in header names may lead to HTTP request smuggling", }, { cve: "CVE-2022-0084", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-03-15T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064226", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", title: "Vulnerability description", }, { category: "summary", text: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0084", }, { category: "external", summary: "RHBZ#2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0084", url: "https://www.cve.org/CVERecord?id=CVE-2022-0084", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", }, { cve: "CVE-2022-0853", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2022-03-04T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060725", }, ], notes: [ { category: "description", text: "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "jboss-client: memory leakage in remote client transaction", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0853", }, { category: "external", summary: "RHBZ#2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0853", url: "https://www.cve.org/CVERecord?id=CVE-2022-0853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", }, ], release_date: "2022-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jboss-client: memory leakage in remote client transaction", }, { acknowledgments: [ { names: [ "Oliver Bieri", ], organization: "Schindler Elevator Ltd., Switzerland", }, ], cve: "CVE-2022-0866", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-02T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060929", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", title: "Vulnerability summary", }, { category: "other", text: "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0866", }, { category: "external", summary: "RHBZ#2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0866", url: "https://www.cve.org/CVERecord?id=CVE-2022-0866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", }, ], release_date: "2022-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, { category: "workaround", details: "In order to avoid the possibility of information access, review application source code for '@RunAs' and 'run-as-principal' usage. Also, make sure the application is using or not Elytron Security. It's possible to investigate by checking if the commands from '$JBOSS_HOME/docs/examples/enable-elytron.cli' or similar were executed.", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", }, { cve: "CVE-2022-1319", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-04-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073890", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1319", }, { category: "external", summary: "RHBZ#2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1319", url: "https://www.cve.org/CVERecord?id=CVE-2022-1319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", }, ], release_date: "2022-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", }, { cve: "CVE-2022-21299", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2022-01-10T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2041472", }, ], notes: [ { category: "description", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "Vulnerability description", }, { category: "summary", text: "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21299", }, { category: "external", summary: "RHBZ#2041472", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041472", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21299", url: "https://www.cve.org/CVERecord?id=CVE-2022-21299", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", }, { cve: "CVE-2022-21363", cwe: { id: "CWE-280", name: "Improper Handling of Insufficient Permissions or Privileges ", }, discovery_date: "2022-01-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047343", }, ], notes: [ { category: "description", text: "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", title: "Vulnerability description", }, { category: "summary", text: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21363", }, { category: "external", summary: "RHBZ#2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21363", url: "https://www.cve.org/CVERecord?id=CVE-2022-21363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", }, { category: "external", summary: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", url: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", }, { cve: "CVE-2022-23221", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044596", }, ], notes: [ { category: "description", text: "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", title: "Vulnerability description", }, { category: "summary", text: "h2: Loading of custom classes from remote servers through JNDI", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23221", }, { category: "external", summary: "RHBZ#2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23221", url: "https://www.cve.org/CVERecord?id=CVE-2022-23221", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", }, { category: "external", summary: "https://github.com/advisories/GHSA-45hx-wfhj-473x", url: "https://github.com/advisories/GHSA-45hx-wfhj-473x", }, ], release_date: "2022-01-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Loading of custom classes from remote servers through JNDI", }, { acknowledgments: [ { names: [ "Sergey Temnikov", "Ziyi Luo", ], organization: "Amazon Corretto", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2022-23437", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2022-01-24T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047200", }, ], notes: [ { category: "description", text: "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", title: "Vulnerability description", }, { category: "summary", text: "xerces-j2: infinite loop when handling specially crafted XML document payloads", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23437", }, { category: "external", summary: "RHBZ#2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23437", url: "https://www.cve.org/CVERecord?id=CVE-2022-23437", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", }, ], release_date: "2022-01-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xerces-j2: infinite loop when handling specially crafted XML document payloads", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: "https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, { cve: "CVE-2022-24785", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-04-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2072009", }, ], notes: [ { category: "description", text: "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", title: "Vulnerability description", }, { category: "summary", text: "Moment.js: Path traversal in moment.locale", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24785", }, { category: "external", summary: "RHBZ#2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24785", url: "https://www.cve.org/CVERecord?id=CVE-2022-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", url: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", }, ], release_date: "2022-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, { category: "workaround", details: "Sanitize the user-provided locale name before passing it to Moment.js.", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Moment.js: Path traversal in moment.locale", }, ], }
RHSA-2022:7409
Vulnerability from csaf_redhat
Published
2022-11-03 14:54
Modified
2025-04-15 10:58
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 7
Notes
Topic
New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:7409", url: "https://access.redhat.com/errata/RHSA-2022:7409", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "2040268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", }, { category: "external", summary: "2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2115392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7409.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 7", tracking: { current_release_date: "2025-04-15T10:58:37+00:00", generator: { date: "2025-04-15T10:58:37+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2022:7409", initial_release_date: "2022-11-03T14:54:26+00:00", revision_history: [ { date: "2022-11-03T14:54:26+00:00", number: "1", summary: "Initial version", }, { date: "2022-11-03T14:54:26+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-15T10:58:37+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 7 Server", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el7sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el7sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00001.1.el7sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", relates_to_product_reference: "7Server-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", relates_to_product_reference: "7Server-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", relates_to_product_reference: "7Server-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-42392", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2039403", }, ], notes: [ { category: "description", text: "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", title: "Vulnerability description", }, { category: "summary", text: "h2: Remote Code Execution in Console", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42392", }, { category: "external", summary: "RHBZ#2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42392", url: "https://www.cve.org/CVERecord?id=CVE-2021-42392", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", }, { category: "external", summary: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", url: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", }, ], release_date: "2022-01-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Remote Code Execution in Console", }, { cve: "CVE-2021-42575", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2021-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2027195", }, ], notes: [ { category: "description", text: "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", title: "Vulnerability description", }, { category: "summary", text: "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42575", }, { category: "external", summary: "RHBZ#2027195", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2027195", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42575", url: "https://www.cve.org/CVERecord?id=CVE-2021-42575", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", }, ], release_date: "2021-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", }, { cve: "CVE-2021-43797", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2021-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031958", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: control chars in header names may lead to HTTP request smuggling", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43797", }, { category: "external", summary: "RHBZ#2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43797", url: "https://www.cve.org/CVERecord?id=CVE-2021-43797", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", url: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: control chars in header names may lead to HTTP request smuggling", }, { cve: "CVE-2022-0084", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-03-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064226", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", title: "Vulnerability description", }, { category: "summary", text: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0084", }, { category: "external", summary: "RHBZ#2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0084", url: "https://www.cve.org/CVERecord?id=CVE-2022-0084", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", }, { acknowledgments: [ { names: [ "Johan Nilsson", ], organization: "NRMC team (Nasdaq)", }, ], cve: "CVE-2022-0225", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2022-01-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2040268", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Stored XSS in groups dropdown", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0225", }, { category: "external", summary: "RHBZ#2040268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0225", url: "https://www.cve.org/CVERecord?id=CVE-2022-0225", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", }, ], release_date: "2022-01-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Stored XSS in groups dropdown", }, { cve: "CVE-2022-0853", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060725", }, ], notes: [ { category: "description", text: "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "jboss-client: memory leakage in remote client transaction", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0853", }, { category: "external", summary: "RHBZ#2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0853", url: "https://www.cve.org/CVERecord?id=CVE-2022-0853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", }, ], release_date: "2022-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jboss-client: memory leakage in remote client transaction", }, { acknowledgments: [ { names: [ "Oliver Bieri", ], organization: "Schindler Elevator Ltd., Switzerland", }, ], cve: "CVE-2022-0866", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060929", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", title: "Vulnerability summary", }, { category: "other", text: "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0866", }, { category: "external", summary: "RHBZ#2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0866", url: "https://www.cve.org/CVERecord?id=CVE-2022-0866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", }, ], release_date: "2022-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, { category: "workaround", details: "In order to avoid the possibility of information access, review application source code for '@RunAs' and 'run-as-principal' usage. Also, make sure the application is using or not Elytron Security. It's possible to investigate by checking if the commands from '$JBOSS_HOME/docs/examples/enable-elytron.cli' or similar were executed.", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", }, { cve: "CVE-2022-1319", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073890", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1319", }, { category: "external", summary: "RHBZ#2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1319", url: "https://www.cve.org/CVERecord?id=CVE-2022-1319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", }, ], release_date: "2022-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", }, { acknowledgments: [ { names: [ "Marek Posolda", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2022-2668", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, discovery_date: "2022-08-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2115392", }, ], notes: [ { category: "description", text: "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2668", }, { category: "external", summary: "RHBZ#2115392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2668", url: "https://www.cve.org/CVERecord?id=CVE-2022-2668", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", }, ], release_date: "2022-08-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: "https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, ], }
rhsa-2022:7411
Vulnerability from csaf_redhat
Published
2022-11-03 14:55
Modified
2025-04-15 10:57
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 9
Notes
Topic
New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:7411", url: "https://access.redhat.com/errata/RHSA-2022:7411", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/articles/11258", url: "https://access.redhat.com/articles/11258", }, { category: "external", summary: "2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "2040268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", }, { category: "external", summary: "2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2115392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7411.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 9", tracking: { current_release_date: "2025-04-15T10:57:36+00:00", generator: { date: "2025-04-15T10:57:36+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2022:7411", initial_release_date: "2022-11-03T14:55:02+00:00", revision_history: [ { date: "2022-11-03T14:55:02+00:00", number: "1", summary: "Initial version", }, { date: "2022-11-03T14:55:02+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-15T10:57:36+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 9", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el9sso?arch=src", }, }, }, { category: "product_version", name: "rh-sso7-0:1-5.el9sso.src", product: { name: "rh-sso7-0:1-5.el9sso.src", product_id: "rh-sso7-0:1-5.el9sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7@1-5.el9sso?arch=src", }, }, }, { category: "product_version", name: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", product: { name: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", product_id: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-javapackages-tools@6.0.0-7.el9sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el9sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00001.1.el9sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", product: { name: "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", product_id: "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-javapackages-filesystem@6.0.0-7.el9sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", product: { name: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", product_id: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-javapackages-tools@6.0.0-7.el9sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", product: { name: "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", product_id: "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-python3-javapackages@6.0.0-7.el9sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "rh-sso7-0:1-5.el9sso.x86_64", product: { name: "rh-sso7-0:1-5.el9sso.x86_64", product_id: "rh-sso7-0:1-5.el9sso.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7@1-5.el9sso?arch=x86_64", }, }, }, { category: "product_version", name: "rh-sso7-runtime-0:1-5.el9sso.x86_64", product: { name: "rh-sso7-runtime-0:1-5.el9sso.x86_64", product_id: "rh-sso7-runtime-0:1-5.el9sso.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-runtime@1-5.el9sso?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-0:1-5.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", }, product_reference: "rh-sso7-0:1-5.el9sso.src", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-0:1-5.el9sso.x86_64 as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", }, product_reference: "rh-sso7-0:1-5.el9sso.x86_64", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", }, product_reference: "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", }, product_reference: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", }, product_reference: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", }, product_reference: "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-runtime-0:1-5.el9sso.x86_64 as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", }, product_reference: "rh-sso7-runtime-0:1-5.el9sso.x86_64", relates_to_product_reference: "9Base-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-42392", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2039403", }, ], notes: [ { category: "description", text: "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", title: "Vulnerability description", }, { category: "summary", text: "h2: Remote Code Execution in Console", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42392", }, { category: "external", summary: "RHBZ#2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42392", url: "https://www.cve.org/CVERecord?id=CVE-2021-42392", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", }, { category: "external", summary: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", url: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", }, ], release_date: "2022-01-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Remote Code Execution in Console", }, { cve: "CVE-2021-42575", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2021-11-29T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2027195", }, ], notes: [ { category: "description", text: "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", title: "Vulnerability description", }, { category: "summary", text: "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], known_not_affected: [ "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42575", }, { category: "external", summary: "RHBZ#2027195", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2027195", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42575", url: "https://www.cve.org/CVERecord?id=CVE-2021-42575", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", }, ], release_date: "2021-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", }, { cve: "CVE-2021-43797", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2021-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031958", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: control chars in header names may lead to HTTP request smuggling", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43797", }, { category: "external", summary: "RHBZ#2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43797", url: "https://www.cve.org/CVERecord?id=CVE-2021-43797", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", url: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: control chars in header names may lead to HTTP request smuggling", }, { cve: "CVE-2022-0084", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-03-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064226", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", title: "Vulnerability description", }, { category: "summary", text: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0084", }, { category: "external", summary: "RHBZ#2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0084", url: "https://www.cve.org/CVERecord?id=CVE-2022-0084", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", }, { acknowledgments: [ { names: [ "Johan Nilsson", ], organization: "NRMC team (Nasdaq)", }, ], cve: "CVE-2022-0225", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2022-01-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2040268", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Stored XSS in groups dropdown", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0225", }, { category: "external", summary: "RHBZ#2040268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0225", url: "https://www.cve.org/CVERecord?id=CVE-2022-0225", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", }, ], release_date: "2022-01-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Stored XSS in groups dropdown", }, { cve: "CVE-2022-0853", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060725", }, ], notes: [ { category: "description", text: "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "jboss-client: memory leakage in remote client transaction", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0853", }, { category: "external", summary: "RHBZ#2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0853", url: "https://www.cve.org/CVERecord?id=CVE-2022-0853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", }, ], release_date: "2022-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jboss-client: memory leakage in remote client transaction", }, { acknowledgments: [ { names: [ "Oliver Bieri", ], organization: "Schindler Elevator Ltd., Switzerland", }, ], cve: "CVE-2022-0866", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060929", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", title: "Vulnerability summary", }, { category: "other", text: "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0866", }, { category: "external", summary: "RHBZ#2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0866", url: "https://www.cve.org/CVERecord?id=CVE-2022-0866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", }, ], release_date: "2022-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, { category: "workaround", details: "In order to avoid the possibility of information access, review application source code for '@RunAs' and 'run-as-principal' usage. Also, make sure the application is using or not Elytron Security. It's possible to investigate by checking if the commands from '$JBOSS_HOME/docs/examples/enable-elytron.cli' or similar were executed.", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", }, { cve: "CVE-2022-1319", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073890", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1319", }, { category: "external", summary: "RHBZ#2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1319", url: "https://www.cve.org/CVERecord?id=CVE-2022-1319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", }, ], release_date: "2022-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", }, { acknowledgments: [ { names: [ "Marek Posolda", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2022-2668", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, discovery_date: "2022-08-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2115392", }, ], notes: [ { category: "description", text: "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2668", }, { category: "external", summary: "RHBZ#2115392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2668", url: "https://www.cve.org/CVERecord?id=CVE-2022-2668", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", }, ], release_date: "2022-08-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: "https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, ], }
rhsa-2022_4922
Vulnerability from csaf_redhat
Published
2022-06-06 15:11
Modified
2024-12-20 23:49
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)
* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)
* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)
* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)
* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:4922", url: "https://access.redhat.com/errata/RHSA-2022:4922", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "2004133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004133", }, { category: "external", summary: "2004135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004135", }, { category: "external", summary: "2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "2041472", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041472", }, { category: "external", summary: "2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "JBEAP-23171", url: "https://issues.redhat.com/browse/JBEAP-23171", }, { category: "external", summary: "JBEAP-23194", url: "https://issues.redhat.com/browse/JBEAP-23194", }, { category: "external", summary: "JBEAP-23241", url: "https://issues.redhat.com/browse/JBEAP-23241", }, { category: "external", summary: "JBEAP-23299", url: "https://issues.redhat.com/browse/JBEAP-23299", }, { category: "external", summary: "JBEAP-23300", url: "https://issues.redhat.com/browse/JBEAP-23300", }, { category: "external", summary: "JBEAP-23312", url: "https://issues.redhat.com/browse/JBEAP-23312", }, { category: "external", summary: "JBEAP-23313", url: "https://issues.redhat.com/browse/JBEAP-23313", }, { category: "external", summary: "JBEAP-23336", url: "https://issues.redhat.com/browse/JBEAP-23336", }, { category: "external", summary: "JBEAP-23338", url: "https://issues.redhat.com/browse/JBEAP-23338", }, { category: "external", summary: "JBEAP-23339", url: "https://issues.redhat.com/browse/JBEAP-23339", }, { category: "external", summary: "JBEAP-23351", url: "https://issues.redhat.com/browse/JBEAP-23351", }, { category: "external", summary: "JBEAP-23353", url: "https://issues.redhat.com/browse/JBEAP-23353", }, { category: "external", summary: "JBEAP-23429", url: "https://issues.redhat.com/browse/JBEAP-23429", }, { category: "external", summary: "JBEAP-23432", url: "https://issues.redhat.com/browse/JBEAP-23432", }, { category: "external", summary: "JBEAP-23451", url: "https://issues.redhat.com/browse/JBEAP-23451", }, { category: "external", summary: "JBEAP-23531", url: "https://issues.redhat.com/browse/JBEAP-23531", }, { category: "external", summary: "JBEAP-23532", url: "https://issues.redhat.com/browse/JBEAP-23532", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4922.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update", tracking: { current_release_date: "2024-12-20T23:49:21+00:00", generator: { date: "2024-12-20T23:49:21+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.4", }, }, id: "RHSA-2022:4922", initial_release_date: "2022-06-06T15:11:31+00:00", revision_history: [ { date: "2022-06-06T15:11:31+00:00", number: "1", summary: "Initial version", }, { date: "2022-06-06T15:11:31+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-20T23:49:21+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 7", product: { name: "Red Hat JBoss Enterprise Application Platform 7", product_id: "Red Hat JBoss Enterprise Application Platform 7", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-37136", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2004133", }, ], notes: [ { category: "description", text: "A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data", title: "Vulnerability summary", }, { category: "other", text: "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37136", }, { category: "external", summary: "RHBZ#2004133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004133", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37136", url: "https://www.cve.org/CVERecord?id=CVE-2021-37136", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", url: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", }, ], release_date: "2021-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data", }, { cve: "CVE-2021-37137", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2004135", }, ], notes: [ { category: "description", text: "A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37137", }, { category: "external", summary: "RHBZ#2004135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004135", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37137", url: "https://www.cve.org/CVERecord?id=CVE-2021-37137", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", url: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", }, ], release_date: "2021-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way", }, { cve: "CVE-2021-42392", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2039403", }, ], notes: [ { category: "description", text: "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", title: "Vulnerability description", }, { category: "summary", text: "h2: Remote Code Execution in Console", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42392", }, { category: "external", summary: "RHBZ#2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42392", url: "https://www.cve.org/CVERecord?id=CVE-2021-42392", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", }, { category: "external", summary: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", url: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", }, ], release_date: "2022-01-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Remote Code Execution in Console", }, { cve: "CVE-2021-43797", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2021-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031958", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: control chars in header names may lead to HTTP request smuggling", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43797", }, { category: "external", summary: "RHBZ#2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43797", url: "https://www.cve.org/CVERecord?id=CVE-2021-43797", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", url: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: control chars in header names may lead to HTTP request smuggling", }, { cve: "CVE-2022-0084", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-03-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064226", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", title: "Vulnerability description", }, { category: "summary", text: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0084", }, { category: "external", summary: "RHBZ#2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0084", url: "https://www.cve.org/CVERecord?id=CVE-2022-0084", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", }, { cve: "CVE-2022-0853", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060725", }, ], notes: [ { category: "description", text: "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "jboss-client: memory leakage in remote client transaction", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0853", }, { category: "external", summary: "RHBZ#2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0853", url: "https://www.cve.org/CVERecord?id=CVE-2022-0853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", }, ], release_date: "2022-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jboss-client: memory leakage in remote client transaction", }, { acknowledgments: [ { names: [ "Oliver Bieri", ], organization: "Schindler Elevator Ltd., Switzerland", }, ], cve: "CVE-2022-0866", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060929", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", title: "Vulnerability summary", }, { category: "other", text: "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0866", }, { category: "external", summary: "RHBZ#2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0866", url: "https://www.cve.org/CVERecord?id=CVE-2022-0866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", }, ], release_date: "2022-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, { category: "workaround", details: "In order to avoid the possibility of information access, review application source code for '@RunAs' and 'run-as-principal' usage. Also, make sure the application is using or not Elytron Security. It's possible to investigate by checking if the commands from '$JBOSS_HOME/docs/examples/enable-elytron.cli' or similar were executed.", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", }, { cve: "CVE-2022-1319", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073890", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1319", }, { category: "external", summary: "RHBZ#2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1319", url: "https://www.cve.org/CVERecord?id=CVE-2022-1319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", }, ], release_date: "2022-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", }, { cve: "CVE-2022-21299", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2022-01-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2041472", }, ], notes: [ { category: "description", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "Vulnerability description", }, { category: "summary", text: "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21299", }, { category: "external", summary: "RHBZ#2041472", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041472", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21299", url: "https://www.cve.org/CVERecord?id=CVE-2022-21299", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", }, { cve: "CVE-2022-21363", cwe: { id: "CWE-280", name: "Improper Handling of Insufficient Permissions or Privileges ", }, discovery_date: "2022-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047343", }, ], notes: [ { category: "description", text: "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", title: "Vulnerability description", }, { category: "summary", text: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21363", }, { category: "external", summary: "RHBZ#2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21363", url: "https://www.cve.org/CVERecord?id=CVE-2022-21363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", }, { category: "external", summary: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", url: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", }, { cve: "CVE-2022-23221", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044596", }, ], notes: [ { category: "description", text: "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", title: "Vulnerability description", }, { category: "summary", text: "h2: Loading of custom classes from remote servers through JNDI", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23221", }, { category: "external", summary: "RHBZ#2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23221", url: "https://www.cve.org/CVERecord?id=CVE-2022-23221", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", }, { category: "external", summary: "https://github.com/advisories/GHSA-45hx-wfhj-473x", url: "https://github.com/advisories/GHSA-45hx-wfhj-473x", }, ], release_date: "2022-01-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Loading of custom classes from remote servers through JNDI", }, { acknowledgments: [ { names: [ "Sergey Temnikov", "Ziyi Luo", ], organization: "Amazon Corretto", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2022-23437", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2022-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047200", }, ], notes: [ { category: "description", text: "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", title: "Vulnerability description", }, { category: "summary", text: "xerces-j2: infinite loop when handling specially crafted XML document payloads", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23437", }, { category: "external", summary: "RHBZ#2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23437", url: "https://www.cve.org/CVERecord?id=CVE-2022-23437", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", }, ], release_date: "2022-01-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xerces-j2: infinite loop when handling specially crafted XML document payloads", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: "https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, { cve: "CVE-2022-24785", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-04-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2072009", }, ], notes: [ { category: "description", text: "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", title: "Vulnerability description", }, { category: "summary", text: "Moment.js: Path traversal in moment.locale", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24785", }, { category: "external", summary: "RHBZ#2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24785", url: "https://www.cve.org/CVERecord?id=CVE-2022-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", url: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", }, ], release_date: "2022-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, { category: "workaround", details: "Sanitize the user-provided locale name before passing it to Moment.js.", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Moment.js: Path traversal in moment.locale", }, ], }
rhsa-2022:7417
Vulnerability from csaf_redhat
Published
2022-11-03 15:14
Modified
2025-04-15 10:57
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update
Notes
Topic
A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:7417", url: "https://access.redhat.com/errata/RHSA-2022:7417", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.6", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.6", }, { category: "external", summary: "2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "2040268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", }, { category: "external", summary: "2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2115392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7417.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update", tracking: { current_release_date: "2025-04-15T10:57:26+00:00", generator: { date: "2025-04-15T10:57:26+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2022:7417", initial_release_date: "2022-11-03T15:14:51+00:00", revision_history: [ { date: "2022-11-03T15:14:51+00:00", number: "1", summary: "Initial version", }, { date: "2022-11-03T15:14:51+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-15T10:57:26+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6.1", product: { name: "Red Hat Single Sign-On 7.6.1", product_id: "Red Hat Single Sign-On 7.6.1", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6.1", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-42392", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2039403", }, ], notes: [ { category: "description", text: "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", title: "Vulnerability description", }, { category: "summary", text: "h2: Remote Code Execution in Console", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42392", }, { category: "external", summary: "RHBZ#2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42392", url: "https://www.cve.org/CVERecord?id=CVE-2021-42392", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", }, { category: "external", summary: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", url: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", }, ], release_date: "2022-01-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Remote Code Execution in Console", }, { cve: "CVE-2021-42575", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2021-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2027195", }, ], notes: [ { category: "description", text: "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", title: "Vulnerability description", }, { category: "summary", text: "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42575", }, { category: "external", summary: "RHBZ#2027195", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2027195", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42575", url: "https://www.cve.org/CVERecord?id=CVE-2021-42575", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", }, ], release_date: "2021-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", }, { cve: "CVE-2021-43797", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2021-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031958", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: control chars in header names may lead to HTTP request smuggling", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43797", }, { category: "external", summary: "RHBZ#2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43797", url: "https://www.cve.org/CVERecord?id=CVE-2021-43797", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", url: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: control chars in header names may lead to HTTP request smuggling", }, { cve: "CVE-2022-0084", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-03-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064226", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", title: "Vulnerability description", }, { category: "summary", text: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0084", }, { category: "external", summary: "RHBZ#2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0084", url: "https://www.cve.org/CVERecord?id=CVE-2022-0084", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", }, { acknowledgments: [ { names: [ "Johan Nilsson", ], organization: "NRMC team (Nasdaq)", }, ], cve: "CVE-2022-0225", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2022-01-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2040268", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Stored XSS in groups dropdown", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0225", }, { category: "external", summary: "RHBZ#2040268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0225", url: "https://www.cve.org/CVERecord?id=CVE-2022-0225", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", }, ], release_date: "2022-01-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Stored XSS in groups dropdown", }, { cve: "CVE-2022-0853", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060725", }, ], notes: [ { category: "description", text: "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "jboss-client: memory leakage in remote client transaction", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0853", }, { category: "external", summary: "RHBZ#2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0853", url: "https://www.cve.org/CVERecord?id=CVE-2022-0853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", }, ], release_date: "2022-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jboss-client: memory leakage in remote client transaction", }, { acknowledgments: [ { names: [ "Oliver Bieri", ], organization: "Schindler Elevator Ltd., Switzerland", }, ], cve: "CVE-2022-0866", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060929", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", title: "Vulnerability summary", }, { category: "other", text: "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0866", }, { category: "external", summary: "RHBZ#2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0866", url: "https://www.cve.org/CVERecord?id=CVE-2022-0866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", }, ], release_date: "2022-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, { category: "workaround", details: "In order to avoid the possibility of information access, review application source code for '@RunAs' and 'run-as-principal' usage. Also, make sure the application is using or not Elytron Security. It's possible to investigate by checking if the commands from '$JBOSS_HOME/docs/examples/enable-elytron.cli' or similar were executed.", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", }, { cve: "CVE-2022-1319", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073890", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1319", }, { category: "external", summary: "RHBZ#2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1319", url: "https://www.cve.org/CVERecord?id=CVE-2022-1319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", }, ], release_date: "2022-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", }, { acknowledgments: [ { names: [ "Marek Posolda", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2022-2668", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, discovery_date: "2022-08-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2115392", }, ], notes: [ { category: "description", text: "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2668", }, { category: "external", summary: "RHBZ#2115392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2668", url: "https://www.cve.org/CVERecord?id=CVE-2022-2668", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", }, ], release_date: "2022-08-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: "https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, ], }
rhsa-2022_7410
Vulnerability from csaf_redhat
Published
2022-11-03 14:54
Modified
2024-11-25 13:37
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 8
Notes
Topic
New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of none. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of none. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:7410", url: "https://access.redhat.com/errata/RHSA-2022:7410", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "2040268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", }, { category: "external", summary: "2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2115392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7410.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 8", tracking: { current_release_date: "2024-11-25T13:37:53+00:00", generator: { date: "2024-11-25T13:37:53+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:7410", initial_release_date: "2022-11-03T14:54:28+00:00", revision_history: [ { date: "2022-11-03T14:54:28+00:00", number: "1", summary: "Initial version", }, { date: "2022-11-03T14:54:28+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-25T13:37:53+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 8", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el8sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el8sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00001.1.el8sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", relates_to_product_reference: "8Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", relates_to_product_reference: "8Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", relates_to_product_reference: "8Base-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-42392", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2039403", }, ], notes: [ { category: "description", text: "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", title: "Vulnerability description", }, { category: "summary", text: "h2: Remote Code Execution in Console", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42392", }, { category: "external", summary: "RHBZ#2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42392", url: "https://www.cve.org/CVERecord?id=CVE-2021-42392", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", }, { category: "external", summary: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", url: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", }, ], release_date: "2022-01-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Remote Code Execution in Console", }, { cve: "CVE-2021-42575", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2021-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2027195", }, ], notes: [ { category: "description", text: "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", title: "Vulnerability description", }, { category: "summary", text: "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42575", }, { category: "external", summary: "RHBZ#2027195", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2027195", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42575", url: "https://www.cve.org/CVERecord?id=CVE-2021-42575", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", }, ], release_date: "2021-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", }, { cve: "CVE-2021-43797", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2021-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031958", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: control chars in header names may lead to HTTP request smuggling", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43797", }, { category: "external", summary: "RHBZ#2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43797", url: "https://www.cve.org/CVERecord?id=CVE-2021-43797", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", url: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: control chars in header names may lead to HTTP request smuggling", }, { cve: "CVE-2022-0084", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-03-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064226", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", title: "Vulnerability description", }, { category: "summary", text: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0084", }, { category: "external", summary: "RHBZ#2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0084", url: "https://www.cve.org/CVERecord?id=CVE-2022-0084", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", }, { acknowledgments: [ { names: [ "Johan Nilsson", ], organization: "NRMC team (Nasdaq)", }, ], cve: "CVE-2022-0225", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2022-01-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2040268", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Stored XSS in groups dropdown", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0225", }, { category: "external", summary: "RHBZ#2040268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0225", url: "https://www.cve.org/CVERecord?id=CVE-2022-0225", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", }, ], release_date: "2022-01-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Stored XSS in groups dropdown", }, { cve: "CVE-2022-0853", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060725", }, ], notes: [ { category: "description", text: "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "jboss-client: memory leakage in remote client transaction", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0853", }, { category: "external", summary: "RHBZ#2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0853", url: "https://www.cve.org/CVERecord?id=CVE-2022-0853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", }, ], release_date: "2022-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jboss-client: memory leakage in remote client transaction", }, { acknowledgments: [ { names: [ "Oliver Bieri", ], organization: "Schindler Elevator Ltd., Switzerland", }, ], cve: "CVE-2022-0866", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060929", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", title: "Vulnerability summary", }, { category: "other", text: "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0866", }, { category: "external", summary: "RHBZ#2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0866", url: "https://www.cve.org/CVERecord?id=CVE-2022-0866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", }, ], release_date: "2022-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, { category: "workaround", details: "In order to avoid the possibility of information access, review application source code for '@RunAs' and 'run-as-principal' usage. Also, make sure the application is using or not Elytron Security. It's possible to investigate by checking if the commands from '$JBOSS_HOME/docs/examples/enable-elytron.cli' or similar were executed.", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", }, { cve: "CVE-2022-1319", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073890", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1319", }, { category: "external", summary: "RHBZ#2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1319", url: "https://www.cve.org/CVERecord?id=CVE-2022-1319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", }, ], release_date: "2022-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", }, { acknowledgments: [ { names: [ "Marek Posolda", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2022-2668", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, discovery_date: "2022-08-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2115392", }, ], notes: [ { category: "description", text: "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2668", }, { category: "external", summary: "RHBZ#2115392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2668", url: "https://www.cve.org/CVERecord?id=CVE-2022-2668", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", }, ], release_date: "2022-08-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: "https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7410", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, ], }
RHSA-2022:7411
Vulnerability from csaf_redhat
Published
2022-11-03 14:55
Modified
2025-04-15 10:57
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 9
Notes
Topic
New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:7411", url: "https://access.redhat.com/errata/RHSA-2022:7411", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/articles/11258", url: "https://access.redhat.com/articles/11258", }, { category: "external", summary: "2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "2040268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", }, { category: "external", summary: "2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2115392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7411.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 9", tracking: { current_release_date: "2025-04-15T10:57:36+00:00", generator: { date: "2025-04-15T10:57:36+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2022:7411", initial_release_date: "2022-11-03T14:55:02+00:00", revision_history: [ { date: "2022-11-03T14:55:02+00:00", number: "1", summary: "Initial version", }, { date: "2022-11-03T14:55:02+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-15T10:57:36+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 9", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el9sso?arch=src", }, }, }, { category: "product_version", name: "rh-sso7-0:1-5.el9sso.src", product: { name: "rh-sso7-0:1-5.el9sso.src", product_id: "rh-sso7-0:1-5.el9sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7@1-5.el9sso?arch=src", }, }, }, { category: "product_version", name: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", product: { name: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", product_id: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-javapackages-tools@6.0.0-7.el9sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el9sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00001.1.el9sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", product: { name: "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", product_id: "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-javapackages-filesystem@6.0.0-7.el9sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", product: { name: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", product_id: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-javapackages-tools@6.0.0-7.el9sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", product: { name: "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", product_id: "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-python3-javapackages@6.0.0-7.el9sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "rh-sso7-0:1-5.el9sso.x86_64", product: { name: "rh-sso7-0:1-5.el9sso.x86_64", product_id: "rh-sso7-0:1-5.el9sso.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7@1-5.el9sso?arch=x86_64", }, }, }, { category: "product_version", name: "rh-sso7-runtime-0:1-5.el9sso.x86_64", product: { name: "rh-sso7-runtime-0:1-5.el9sso.x86_64", product_id: "rh-sso7-runtime-0:1-5.el9sso.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-runtime@1-5.el9sso?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-0:1-5.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", }, product_reference: "rh-sso7-0:1-5.el9sso.src", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-0:1-5.el9sso.x86_64 as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", }, product_reference: "rh-sso7-0:1-5.el9sso.x86_64", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", }, product_reference: "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", }, product_reference: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", }, product_reference: "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", }, product_reference: "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-runtime-0:1-5.el9sso.x86_64 as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", }, product_reference: "rh-sso7-runtime-0:1-5.el9sso.x86_64", relates_to_product_reference: "9Base-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-42392", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2039403", }, ], notes: [ { category: "description", text: "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", title: "Vulnerability description", }, { category: "summary", text: "h2: Remote Code Execution in Console", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42392", }, { category: "external", summary: "RHBZ#2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42392", url: "https://www.cve.org/CVERecord?id=CVE-2021-42392", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", }, { category: "external", summary: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", url: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", }, ], release_date: "2022-01-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Remote Code Execution in Console", }, { cve: "CVE-2021-42575", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2021-11-29T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2027195", }, ], notes: [ { category: "description", text: "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", title: "Vulnerability description", }, { category: "summary", text: "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], known_not_affected: [ "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42575", }, { category: "external", summary: "RHBZ#2027195", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2027195", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42575", url: "https://www.cve.org/CVERecord?id=CVE-2021-42575", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", }, ], release_date: "2021-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", }, { cve: "CVE-2021-43797", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2021-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031958", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: control chars in header names may lead to HTTP request smuggling", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43797", }, { category: "external", summary: "RHBZ#2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43797", url: "https://www.cve.org/CVERecord?id=CVE-2021-43797", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", url: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: control chars in header names may lead to HTTP request smuggling", }, { cve: "CVE-2022-0084", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-03-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064226", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", title: "Vulnerability description", }, { category: "summary", text: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0084", }, { category: "external", summary: "RHBZ#2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0084", url: "https://www.cve.org/CVERecord?id=CVE-2022-0084", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", }, { acknowledgments: [ { names: [ "Johan Nilsson", ], organization: "NRMC team (Nasdaq)", }, ], cve: "CVE-2022-0225", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2022-01-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2040268", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Stored XSS in groups dropdown", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0225", }, { category: "external", summary: "RHBZ#2040268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0225", url: "https://www.cve.org/CVERecord?id=CVE-2022-0225", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", }, ], release_date: "2022-01-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Stored XSS in groups dropdown", }, { cve: "CVE-2022-0853", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060725", }, ], notes: [ { category: "description", text: "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "jboss-client: memory leakage in remote client transaction", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0853", }, { category: "external", summary: "RHBZ#2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0853", url: "https://www.cve.org/CVERecord?id=CVE-2022-0853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", }, ], release_date: "2022-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jboss-client: memory leakage in remote client transaction", }, { acknowledgments: [ { names: [ "Oliver Bieri", ], organization: "Schindler Elevator Ltd., Switzerland", }, ], cve: "CVE-2022-0866", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060929", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", title: "Vulnerability summary", }, { category: "other", text: "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0866", }, { category: "external", summary: "RHBZ#2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0866", url: "https://www.cve.org/CVERecord?id=CVE-2022-0866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", }, ], release_date: "2022-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, { category: "workaround", details: "In order to avoid the possibility of information access, review application source code for '@RunAs' and 'run-as-principal' usage. Also, make sure the application is using or not Elytron Security. It's possible to investigate by checking if the commands from '$JBOSS_HOME/docs/examples/enable-elytron.cli' or similar were executed.", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", }, { cve: "CVE-2022-1319", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073890", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1319", }, { category: "external", summary: "RHBZ#2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1319", url: "https://www.cve.org/CVERecord?id=CVE-2022-1319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", }, ], release_date: "2022-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", }, { acknowledgments: [ { names: [ "Marek Posolda", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2022-2668", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, discovery_date: "2022-08-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2115392", }, ], notes: [ { category: "description", text: "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2668", }, { category: "external", summary: "RHBZ#2115392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2668", url: "https://www.cve.org/CVERecord?id=CVE-2022-2668", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", }, ], release_date: "2022-08-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: "https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:55:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7411", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, ], }
RHSA-2022:4919
Vulnerability from csaf_redhat
Published
2022-06-06 16:00
Modified
2025-04-16 15:01
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)
* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)
* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)
* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)
* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:4919", url: "https://access.redhat.com/errata/RHSA-2022:4919", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "2004133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004133", }, { category: "external", summary: "2004135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004135", }, { category: "external", summary: "2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "2041472", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041472", }, { category: "external", summary: "2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "JBEAP-23121", url: "https://issues.redhat.com/browse/JBEAP-23121", }, { category: "external", summary: "JBEAP-23171", url: "https://issues.redhat.com/browse/JBEAP-23171", }, { category: "external", summary: "JBEAP-23194", url: "https://issues.redhat.com/browse/JBEAP-23194", }, { category: "external", summary: "JBEAP-23241", url: "https://issues.redhat.com/browse/JBEAP-23241", }, { category: "external", summary: "JBEAP-23299", url: "https://issues.redhat.com/browse/JBEAP-23299", }, { category: "external", summary: "JBEAP-23300", url: "https://issues.redhat.com/browse/JBEAP-23300", }, { category: "external", summary: "JBEAP-23312", url: "https://issues.redhat.com/browse/JBEAP-23312", }, { category: "external", summary: "JBEAP-23313", url: "https://issues.redhat.com/browse/JBEAP-23313", }, { category: "external", summary: "JBEAP-23336", url: "https://issues.redhat.com/browse/JBEAP-23336", }, { category: "external", summary: "JBEAP-23338", url: "https://issues.redhat.com/browse/JBEAP-23338", }, { category: "external", summary: "JBEAP-23339", url: "https://issues.redhat.com/browse/JBEAP-23339", }, { category: "external", summary: "JBEAP-23351", url: "https://issues.redhat.com/browse/JBEAP-23351", }, { category: "external", summary: "JBEAP-23353", url: "https://issues.redhat.com/browse/JBEAP-23353", }, { category: "external", summary: "JBEAP-23429", url: "https://issues.redhat.com/browse/JBEAP-23429", }, { category: "external", summary: "JBEAP-23432", url: "https://issues.redhat.com/browse/JBEAP-23432", }, { category: "external", summary: "JBEAP-23451", url: "https://issues.redhat.com/browse/JBEAP-23451", }, { category: "external", summary: "JBEAP-23531", url: "https://issues.redhat.com/browse/JBEAP-23531", }, { category: "external", summary: "JBEAP-23532", url: "https://issues.redhat.com/browse/JBEAP-23532", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4919.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8", tracking: { current_release_date: "2025-04-16T15:01:27+00:00", generator: { date: "2025-04-16T15:01:27+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2022:4919", initial_release_date: "2022-06-06T16:00:48+00:00", revision_history: [ { date: "2022-06-06T16:00:48+00:00", number: "1", summary: "Initial version", }, { date: "2022-06-06T16:00:48+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-16T15:01:27+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 8", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", product: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", product_id: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", product: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", product_id: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", product: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", product_id: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", product: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", product_id: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", product: { name: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", product_id: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.6-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", product: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", product_id: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", product: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", product_id: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", product: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", product_id: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", product: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", product_id: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", product: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", product_id: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", product: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", product_id: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", product: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", product_id: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", product: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", product_id: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", product_id: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", product: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", product_id: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el8eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", product: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", product_id: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", product: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", product_id: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", product: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", product_id: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.12-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_id: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product: { name: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_id: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-core@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product: { name: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_id: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product: { name: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_id: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-envers@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product: { name: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_id: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-java8@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", product: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", product_id: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", product: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", product_id: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jberet-core@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", product: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", product_id: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-all@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-buffer@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-http@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-common@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-handler@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-resolver@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-rxtx@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-udt@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_id: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-9.redhat_00042.1.el8eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", product: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", product_id: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el8eap?arch=x86_64", }, }, }, { category: "product_version", name: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", product: { name: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", product_id: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.72-1.Final_redhat_00001.1.el8eap?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", }, product_reference: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", }, product_reference: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", }, product_reference: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", }, product_reference: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", }, product_reference: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", }, product_reference: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", }, product_reference: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", }, product_reference: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", }, product_reference: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", }, product_reference: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", }, product_reference: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", }, product_reference: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", }, product_reference: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", }, product_reference: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", }, product_reference: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", }, product_reference: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", }, product_reference: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-37136", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-09-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2004133", }, ], notes: [ { category: "description", text: "A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data", title: "Vulnerability summary", }, { category: "other", text: "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37136", }, { category: "external", summary: "RHBZ#2004133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004133", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37136", url: "https://www.cve.org/CVERecord?id=CVE-2021-37136", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", url: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", }, ], release_date: "2021-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data", }, { cve: "CVE-2021-37137", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-09-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2004135", }, ], notes: [ { category: "description", text: "A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37137", }, { category: "external", summary: "RHBZ#2004135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004135", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37137", url: "https://www.cve.org/CVERecord?id=CVE-2021-37137", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", url: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", }, ], release_date: "2021-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way", }, { cve: "CVE-2021-42392", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-10T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2039403", }, ], notes: [ { category: "description", text: "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", title: "Vulnerability description", }, { category: "summary", text: "h2: Remote Code Execution in Console", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42392", }, { category: "external", summary: "RHBZ#2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42392", url: "https://www.cve.org/CVERecord?id=CVE-2021-42392", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", }, { category: "external", summary: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", url: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", }, ], release_date: "2022-01-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Remote Code Execution in Console", }, { cve: "CVE-2021-43797", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2021-12-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031958", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: control chars in header names may lead to HTTP request smuggling", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43797", }, { category: "external", summary: "RHBZ#2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43797", url: "https://www.cve.org/CVERecord?id=CVE-2021-43797", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", url: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: control chars in header names may lead to HTTP request smuggling", }, { cve: "CVE-2022-0084", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-03-15T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064226", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", title: "Vulnerability description", }, { category: "summary", text: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0084", }, { category: "external", summary: "RHBZ#2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0084", url: "https://www.cve.org/CVERecord?id=CVE-2022-0084", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", }, { cve: "CVE-2022-0853", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2022-03-04T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060725", }, ], notes: [ { category: "description", text: "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "jboss-client: memory leakage in remote client transaction", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0853", }, { category: "external", summary: "RHBZ#2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0853", url: "https://www.cve.org/CVERecord?id=CVE-2022-0853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", }, ], release_date: "2022-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jboss-client: memory leakage in remote client transaction", }, { acknowledgments: [ { names: [ "Oliver Bieri", ], organization: "Schindler Elevator Ltd., Switzerland", }, ], cve: "CVE-2022-0866", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-02T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060929", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", title: "Vulnerability summary", }, { category: "other", text: "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0866", }, { category: "external", summary: "RHBZ#2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0866", url: "https://www.cve.org/CVERecord?id=CVE-2022-0866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", }, ], release_date: "2022-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, { category: "workaround", details: "In order to avoid the possibility of information access, review application source code for '@RunAs' and 'run-as-principal' usage. Also, make sure the application is using or not Elytron Security. It's possible to investigate by checking if the commands from '$JBOSS_HOME/docs/examples/enable-elytron.cli' or similar were executed.", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", }, { cve: "CVE-2022-1319", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-04-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073890", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1319", }, { category: "external", summary: "RHBZ#2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1319", url: "https://www.cve.org/CVERecord?id=CVE-2022-1319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", }, ], release_date: "2022-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", }, { cve: "CVE-2022-21299", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2022-01-10T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2041472", }, ], notes: [ { category: "description", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "Vulnerability description", }, { category: "summary", text: "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21299", }, { category: "external", summary: "RHBZ#2041472", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041472", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21299", url: "https://www.cve.org/CVERecord?id=CVE-2022-21299", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", }, { cve: "CVE-2022-21363", cwe: { id: "CWE-280", name: "Improper Handling of Insufficient Permissions or Privileges ", }, discovery_date: "2022-01-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047343", }, ], notes: [ { category: "description", text: "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", title: "Vulnerability description", }, { category: "summary", text: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21363", }, { category: "external", summary: "RHBZ#2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21363", url: "https://www.cve.org/CVERecord?id=CVE-2022-21363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", }, { category: "external", summary: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", url: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", }, { cve: "CVE-2022-23221", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044596", }, ], notes: [ { category: "description", text: "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", title: "Vulnerability description", }, { category: "summary", text: "h2: Loading of custom classes from remote servers through JNDI", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23221", }, { category: "external", summary: "RHBZ#2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23221", url: "https://www.cve.org/CVERecord?id=CVE-2022-23221", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", }, { category: "external", summary: "https://github.com/advisories/GHSA-45hx-wfhj-473x", url: "https://github.com/advisories/GHSA-45hx-wfhj-473x", }, ], release_date: "2022-01-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Loading of custom classes from remote servers through JNDI", }, { acknowledgments: [ { names: [ "Sergey Temnikov", "Ziyi Luo", ], organization: "Amazon Corretto", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2022-23437", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2022-01-24T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047200", }, ], notes: [ { category: "description", text: "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", title: "Vulnerability description", }, { category: "summary", text: "xerces-j2: infinite loop when handling specially crafted XML document payloads", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23437", }, { category: "external", summary: "RHBZ#2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23437", url: "https://www.cve.org/CVERecord?id=CVE-2022-23437", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", }, ], release_date: "2022-01-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xerces-j2: infinite loop when handling specially crafted XML document payloads", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: "https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, { cve: "CVE-2022-24785", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-04-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2072009", }, ], notes: [ { category: "description", text: "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", title: "Vulnerability description", }, { category: "summary", text: "Moment.js: Path traversal in moment.locale", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24785", }, { category: "external", summary: "RHBZ#2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24785", url: "https://www.cve.org/CVERecord?id=CVE-2022-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", url: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", }, ], release_date: "2022-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T16:00:48+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4919", }, { category: "workaround", details: "Sanitize the user-provided locale name before passing it to Moment.js.", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Moment.js: Path traversal in moment.locale", }, ], }
RHSA-2022:7417
Vulnerability from csaf_redhat
Published
2022-11-03 15:14
Modified
2025-04-15 10:57
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update
Notes
Topic
A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:7417", url: "https://access.redhat.com/errata/RHSA-2022:7417", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.6", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.6", }, { category: "external", summary: "2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "2040268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", }, { category: "external", summary: "2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2115392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7417.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update", tracking: { current_release_date: "2025-04-15T10:57:26+00:00", generator: { date: "2025-04-15T10:57:26+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2022:7417", initial_release_date: "2022-11-03T15:14:51+00:00", revision_history: [ { date: "2022-11-03T15:14:51+00:00", number: "1", summary: "Initial version", }, { date: "2022-11-03T15:14:51+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-15T10:57:26+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6.1", product: { name: "Red Hat Single Sign-On 7.6.1", product_id: "Red Hat Single Sign-On 7.6.1", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6.1", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-42392", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2039403", }, ], notes: [ { category: "description", text: "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", title: "Vulnerability description", }, { category: "summary", text: "h2: Remote Code Execution in Console", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42392", }, { category: "external", summary: "RHBZ#2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42392", url: "https://www.cve.org/CVERecord?id=CVE-2021-42392", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", }, { category: "external", summary: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", url: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", }, ], release_date: "2022-01-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Remote Code Execution in Console", }, { cve: "CVE-2021-42575", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2021-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2027195", }, ], notes: [ { category: "description", text: "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", title: "Vulnerability description", }, { category: "summary", text: "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42575", }, { category: "external", summary: "RHBZ#2027195", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2027195", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42575", url: "https://www.cve.org/CVERecord?id=CVE-2021-42575", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", }, ], release_date: "2021-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", }, { cve: "CVE-2021-43797", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2021-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031958", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: control chars in header names may lead to HTTP request smuggling", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43797", }, { category: "external", summary: "RHBZ#2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43797", url: "https://www.cve.org/CVERecord?id=CVE-2021-43797", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", url: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: control chars in header names may lead to HTTP request smuggling", }, { cve: "CVE-2022-0084", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-03-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064226", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", title: "Vulnerability description", }, { category: "summary", text: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0084", }, { category: "external", summary: "RHBZ#2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0084", url: "https://www.cve.org/CVERecord?id=CVE-2022-0084", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", }, { acknowledgments: [ { names: [ "Johan Nilsson", ], organization: "NRMC team (Nasdaq)", }, ], cve: "CVE-2022-0225", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2022-01-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2040268", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Stored XSS in groups dropdown", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0225", }, { category: "external", summary: "RHBZ#2040268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0225", url: "https://www.cve.org/CVERecord?id=CVE-2022-0225", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", }, ], release_date: "2022-01-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Stored XSS in groups dropdown", }, { cve: "CVE-2022-0853", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060725", }, ], notes: [ { category: "description", text: "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "jboss-client: memory leakage in remote client transaction", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0853", }, { category: "external", summary: "RHBZ#2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0853", url: "https://www.cve.org/CVERecord?id=CVE-2022-0853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", }, ], release_date: "2022-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jboss-client: memory leakage in remote client transaction", }, { acknowledgments: [ { names: [ "Oliver Bieri", ], organization: "Schindler Elevator Ltd., Switzerland", }, ], cve: "CVE-2022-0866", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060929", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", title: "Vulnerability summary", }, { category: "other", text: "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0866", }, { category: "external", summary: "RHBZ#2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0866", url: "https://www.cve.org/CVERecord?id=CVE-2022-0866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", }, ], release_date: "2022-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, { category: "workaround", details: "In order to avoid the possibility of information access, review application source code for '@RunAs' and 'run-as-principal' usage. Also, make sure the application is using or not Elytron Security. It's possible to investigate by checking if the commands from '$JBOSS_HOME/docs/examples/enable-elytron.cli' or similar were executed.", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", }, { cve: "CVE-2022-1319", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073890", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1319", }, { category: "external", summary: "RHBZ#2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1319", url: "https://www.cve.org/CVERecord?id=CVE-2022-1319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", }, ], release_date: "2022-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", }, { acknowledgments: [ { names: [ "Marek Posolda", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2022-2668", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, discovery_date: "2022-08-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2115392", }, ], notes: [ { category: "description", text: "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2668", }, { category: "external", summary: "RHBZ#2115392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2668", url: "https://www.cve.org/CVERecord?id=CVE-2022-2668", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", }, ], release_date: "2022-08-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: "https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, ], }
rhsa-2022:4922
Vulnerability from csaf_redhat
Published
2022-06-06 15:11
Modified
2025-04-16 15:01
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)
* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)
* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)
* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)
* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:4922", url: "https://access.redhat.com/errata/RHSA-2022:4922", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "2004133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004133", }, { category: "external", summary: "2004135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004135", }, { category: "external", summary: "2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "2041472", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041472", }, { category: "external", summary: "2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "JBEAP-23171", url: "https://issues.redhat.com/browse/JBEAP-23171", }, { category: "external", summary: "JBEAP-23194", url: "https://issues.redhat.com/browse/JBEAP-23194", }, { category: "external", summary: "JBEAP-23241", url: "https://issues.redhat.com/browse/JBEAP-23241", }, { category: "external", summary: "JBEAP-23299", url: "https://issues.redhat.com/browse/JBEAP-23299", }, { category: "external", summary: "JBEAP-23300", url: "https://issues.redhat.com/browse/JBEAP-23300", }, { category: "external", summary: "JBEAP-23312", url: "https://issues.redhat.com/browse/JBEAP-23312", }, { category: "external", summary: "JBEAP-23313", url: "https://issues.redhat.com/browse/JBEAP-23313", }, { category: "external", summary: "JBEAP-23336", url: "https://issues.redhat.com/browse/JBEAP-23336", }, { category: "external", summary: "JBEAP-23338", url: "https://issues.redhat.com/browse/JBEAP-23338", }, { category: "external", summary: "JBEAP-23339", url: "https://issues.redhat.com/browse/JBEAP-23339", }, { category: "external", summary: "JBEAP-23351", url: "https://issues.redhat.com/browse/JBEAP-23351", }, { category: "external", summary: "JBEAP-23353", url: "https://issues.redhat.com/browse/JBEAP-23353", }, { category: "external", summary: "JBEAP-23429", url: "https://issues.redhat.com/browse/JBEAP-23429", }, { category: "external", summary: "JBEAP-23432", url: "https://issues.redhat.com/browse/JBEAP-23432", }, { category: "external", summary: "JBEAP-23451", url: "https://issues.redhat.com/browse/JBEAP-23451", }, { category: "external", summary: "JBEAP-23531", url: "https://issues.redhat.com/browse/JBEAP-23531", }, { category: "external", summary: "JBEAP-23532", url: "https://issues.redhat.com/browse/JBEAP-23532", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4922.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update", tracking: { current_release_date: "2025-04-16T15:01:19+00:00", generator: { date: "2025-04-16T15:01:19+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2022:4922", initial_release_date: "2022-06-06T15:11:31+00:00", revision_history: [ { date: "2022-06-06T15:11:31+00:00", number: "1", summary: "Initial version", }, { date: "2022-06-06T15:11:31+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-16T15:01:19+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 7", product: { name: "Red Hat JBoss Enterprise Application Platform 7", product_id: "Red Hat JBoss Enterprise Application Platform 7", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-37136", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2004133", }, ], notes: [ { category: "description", text: "A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data", title: "Vulnerability summary", }, { category: "other", text: "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37136", }, { category: "external", summary: "RHBZ#2004133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004133", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37136", url: "https://www.cve.org/CVERecord?id=CVE-2021-37136", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", url: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", }, ], release_date: "2021-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data", }, { cve: "CVE-2021-37137", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2004135", }, ], notes: [ { category: "description", text: "A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37137", }, { category: "external", summary: "RHBZ#2004135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004135", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37137", url: "https://www.cve.org/CVERecord?id=CVE-2021-37137", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", url: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", }, ], release_date: "2021-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way", }, { cve: "CVE-2021-42392", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2039403", }, ], notes: [ { category: "description", text: "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", title: "Vulnerability description", }, { category: "summary", text: "h2: Remote Code Execution in Console", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42392", }, { category: "external", summary: "RHBZ#2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42392", url: "https://www.cve.org/CVERecord?id=CVE-2021-42392", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", }, { category: "external", summary: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", url: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", }, ], release_date: "2022-01-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Remote Code Execution in Console", }, { cve: "CVE-2021-43797", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2021-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031958", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: control chars in header names may lead to HTTP request smuggling", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43797", }, { category: "external", summary: "RHBZ#2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43797", url: "https://www.cve.org/CVERecord?id=CVE-2021-43797", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", url: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: control chars in header names may lead to HTTP request smuggling", }, { cve: "CVE-2022-0084", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-03-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064226", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", title: "Vulnerability description", }, { category: "summary", text: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0084", }, { category: "external", summary: "RHBZ#2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0084", url: "https://www.cve.org/CVERecord?id=CVE-2022-0084", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", }, { cve: "CVE-2022-0853", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060725", }, ], notes: [ { category: "description", text: "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "jboss-client: memory leakage in remote client transaction", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0853", }, { category: "external", summary: "RHBZ#2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0853", url: "https://www.cve.org/CVERecord?id=CVE-2022-0853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", }, ], release_date: "2022-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jboss-client: memory leakage in remote client transaction", }, { acknowledgments: [ { names: [ "Oliver Bieri", ], organization: "Schindler Elevator Ltd., Switzerland", }, ], cve: "CVE-2022-0866", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060929", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", title: "Vulnerability summary", }, { category: "other", text: "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0866", }, { category: "external", summary: "RHBZ#2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0866", url: "https://www.cve.org/CVERecord?id=CVE-2022-0866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", }, ], release_date: "2022-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, { category: "workaround", details: "In order to avoid the possibility of information access, review application source code for '@RunAs' and 'run-as-principal' usage. Also, make sure the application is using or not Elytron Security. It's possible to investigate by checking if the commands from '$JBOSS_HOME/docs/examples/enable-elytron.cli' or similar were executed.", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", }, { cve: "CVE-2022-1319", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073890", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1319", }, { category: "external", summary: "RHBZ#2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1319", url: "https://www.cve.org/CVERecord?id=CVE-2022-1319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", }, ], release_date: "2022-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", }, { cve: "CVE-2022-21299", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2022-01-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2041472", }, ], notes: [ { category: "description", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "Vulnerability description", }, { category: "summary", text: "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21299", }, { category: "external", summary: "RHBZ#2041472", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041472", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21299", url: "https://www.cve.org/CVERecord?id=CVE-2022-21299", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", }, { cve: "CVE-2022-21363", cwe: { id: "CWE-280", name: "Improper Handling of Insufficient Permissions or Privileges ", }, discovery_date: "2022-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047343", }, ], notes: [ { category: "description", text: "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", title: "Vulnerability description", }, { category: "summary", text: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21363", }, { category: "external", summary: "RHBZ#2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21363", url: "https://www.cve.org/CVERecord?id=CVE-2022-21363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", }, { category: "external", summary: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", url: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", }, { cve: "CVE-2022-23221", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044596", }, ], notes: [ { category: "description", text: "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", title: "Vulnerability description", }, { category: "summary", text: "h2: Loading of custom classes from remote servers through JNDI", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23221", }, { category: "external", summary: "RHBZ#2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23221", url: "https://www.cve.org/CVERecord?id=CVE-2022-23221", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", }, { category: "external", summary: "https://github.com/advisories/GHSA-45hx-wfhj-473x", url: "https://github.com/advisories/GHSA-45hx-wfhj-473x", }, ], release_date: "2022-01-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Loading of custom classes from remote servers through JNDI", }, { acknowledgments: [ { names: [ "Sergey Temnikov", "Ziyi Luo", ], organization: "Amazon Corretto", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2022-23437", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2022-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047200", }, ], notes: [ { category: "description", text: "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", title: "Vulnerability description", }, { category: "summary", text: "xerces-j2: infinite loop when handling specially crafted XML document payloads", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23437", }, { category: "external", summary: "RHBZ#2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23437", url: "https://www.cve.org/CVERecord?id=CVE-2022-23437", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", }, ], release_date: "2022-01-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xerces-j2: infinite loop when handling specially crafted XML document payloads", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: "https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, { cve: "CVE-2022-24785", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-04-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2072009", }, ], notes: [ { category: "description", text: "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", title: "Vulnerability description", }, { category: "summary", text: "Moment.js: Path traversal in moment.locale", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24785", }, { category: "external", summary: "RHBZ#2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24785", url: "https://www.cve.org/CVERecord?id=CVE-2022-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", url: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", }, ], release_date: "2022-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:11:31+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4922", }, { category: "workaround", details: "Sanitize the user-provided locale name before passing it to Moment.js.", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Moment.js: Path traversal in moment.locale", }, ], }
rhsa-2022_4918
Vulnerability from csaf_redhat
Published
2022-06-06 15:54
Modified
2024-12-20 23:51
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)
* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)
* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)
* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)
* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:4918", url: "https://access.redhat.com/errata/RHSA-2022:4918", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "2004133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004133", }, { category: "external", summary: "2004135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004135", }, { category: "external", summary: "2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "2041472", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041472", }, { category: "external", summary: "2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "JBEAP-23120", url: "https://issues.redhat.com/browse/JBEAP-23120", }, { category: "external", summary: "JBEAP-23171", url: "https://issues.redhat.com/browse/JBEAP-23171", }, { category: "external", summary: "JBEAP-23194", url: "https://issues.redhat.com/browse/JBEAP-23194", }, { category: "external", summary: "JBEAP-23241", url: "https://issues.redhat.com/browse/JBEAP-23241", }, { category: "external", summary: "JBEAP-23299", url: "https://issues.redhat.com/browse/JBEAP-23299", }, { category: "external", summary: "JBEAP-23300", url: "https://issues.redhat.com/browse/JBEAP-23300", }, { category: "external", summary: "JBEAP-23312", url: "https://issues.redhat.com/browse/JBEAP-23312", }, { category: "external", summary: "JBEAP-23313", url: "https://issues.redhat.com/browse/JBEAP-23313", }, { category: "external", summary: "JBEAP-23336", url: "https://issues.redhat.com/browse/JBEAP-23336", }, { category: "external", summary: "JBEAP-23338", url: "https://issues.redhat.com/browse/JBEAP-23338", }, { category: "external", summary: "JBEAP-23339", url: "https://issues.redhat.com/browse/JBEAP-23339", }, { category: "external", summary: "JBEAP-23351", url: "https://issues.redhat.com/browse/JBEAP-23351", }, { category: "external", summary: "JBEAP-23353", url: "https://issues.redhat.com/browse/JBEAP-23353", }, { category: "external", summary: "JBEAP-23429", url: "https://issues.redhat.com/browse/JBEAP-23429", }, { category: "external", summary: "JBEAP-23432", url: "https://issues.redhat.com/browse/JBEAP-23432", }, { category: "external", summary: "JBEAP-23451", url: "https://issues.redhat.com/browse/JBEAP-23451", }, { category: "external", summary: "JBEAP-23531", url: "https://issues.redhat.com/browse/JBEAP-23531", }, { category: "external", summary: "JBEAP-23532", url: "https://issues.redhat.com/browse/JBEAP-23532", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4918.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7", tracking: { current_release_date: "2024-12-20T23:51:17+00:00", generator: { date: "2024-12-20T23:51:17+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.4", }, }, id: "RHSA-2022:4918", initial_release_date: "2022-06-06T15:54:15+00:00", revision_history: [ { date: "2022-06-06T15:54:15+00:00", number: "1", summary: "Initial version", }, { date: "2022-06-06T15:54:15+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-20T23:51:17+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 7 Server", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", product: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", product_id: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", product: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", product_id: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", product: { name: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", product_id: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", product: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", product_id: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", product: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", product_id: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", product: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", product_id: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", product: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", product_id: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", product: { name: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", product_id: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.6-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", product: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", product_id: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", product: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", product_id: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", product: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", product_id: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", product: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", product_id: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", product: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", product_id: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", product: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", product_id: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", product_id: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", product: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", product_id: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", product: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", product_id: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el7eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", product: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", product_id: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", product: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", product_id: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.12-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_id: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product: { name: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_id: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-core@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product: { name: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_id: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product: { name: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_id: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-envers@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product: { name: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_id: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-java8@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", product: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", product_id: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jberet-core@1.3.9-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", product: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", product_id: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-16.Final_redhat_00015.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-16.Final_redhat_00015.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", product: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", product_id: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-all@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-buffer@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-http@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-common@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-handler@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-resolver@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-rxtx@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-udt@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", product: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", product_id: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el7eap?arch=x86_64", }, }, }, { category: "product_version", name: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", product: { name: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", product_id: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.72-1.Final_redhat_00001.1.el7eap?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", }, product_reference: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", }, product_reference: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", }, product_reference: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", }, product_reference: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", }, product_reference: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", }, product_reference: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", }, product_reference: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", }, product_reference: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", }, product_reference: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", }, product_reference: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", }, product_reference: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", }, product_reference: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", }, product_reference: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", }, product_reference: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", }, product_reference: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", }, product_reference: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", }, product_reference: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", }, product_reference: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", }, product_reference: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-37136", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-09-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2004133", }, ], notes: [ { category: "description", text: "A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data", title: "Vulnerability summary", }, { category: "other", text: "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37136", }, { category: "external", summary: "RHBZ#2004133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004133", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37136", url: "https://www.cve.org/CVERecord?id=CVE-2021-37136", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", url: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", }, ], release_date: "2021-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data", }, { cve: "CVE-2021-37137", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-09-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2004135", }, ], notes: [ { category: "description", text: "A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37137", }, { category: "external", summary: "RHBZ#2004135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004135", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37137", url: "https://www.cve.org/CVERecord?id=CVE-2021-37137", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", url: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", }, ], release_date: "2021-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way", }, { cve: "CVE-2021-42392", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-10T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2039403", }, ], notes: [ { category: "description", text: "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", title: "Vulnerability description", }, { category: "summary", text: "h2: Remote Code Execution in Console", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42392", }, { category: "external", summary: "RHBZ#2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42392", url: "https://www.cve.org/CVERecord?id=CVE-2021-42392", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", }, { category: "external", summary: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", url: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", }, ], release_date: "2022-01-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Remote Code Execution in Console", }, { cve: "CVE-2021-43797", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2021-12-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031958", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: control chars in header names may lead to HTTP request smuggling", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43797", }, { category: "external", summary: "RHBZ#2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43797", url: "https://www.cve.org/CVERecord?id=CVE-2021-43797", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", url: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: control chars in header names may lead to HTTP request smuggling", }, { cve: "CVE-2022-0084", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-03-15T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064226", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", title: "Vulnerability description", }, { category: "summary", text: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0084", }, { category: "external", summary: "RHBZ#2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0084", url: "https://www.cve.org/CVERecord?id=CVE-2022-0084", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", }, { cve: "CVE-2022-0853", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2022-03-04T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060725", }, ], notes: [ { category: "description", text: "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "jboss-client: memory leakage in remote client transaction", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0853", }, { category: "external", summary: "RHBZ#2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0853", url: "https://www.cve.org/CVERecord?id=CVE-2022-0853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", }, ], release_date: "2022-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jboss-client: memory leakage in remote client transaction", }, { acknowledgments: [ { names: [ "Oliver Bieri", ], organization: "Schindler Elevator Ltd., Switzerland", }, ], cve: "CVE-2022-0866", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-02T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060929", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", title: "Vulnerability summary", }, { category: "other", text: "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0866", }, { category: "external", summary: "RHBZ#2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0866", url: "https://www.cve.org/CVERecord?id=CVE-2022-0866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", }, ], release_date: "2022-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, { category: "workaround", details: "In order to avoid the possibility of information access, review application source code for '@RunAs' and 'run-as-principal' usage. Also, make sure the application is using or not Elytron Security. It's possible to investigate by checking if the commands from '$JBOSS_HOME/docs/examples/enable-elytron.cli' or similar were executed.", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", }, { cve: "CVE-2022-1319", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-04-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073890", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1319", }, { category: "external", summary: "RHBZ#2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1319", url: "https://www.cve.org/CVERecord?id=CVE-2022-1319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", }, ], release_date: "2022-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", }, { cve: "CVE-2022-21299", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2022-01-10T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2041472", }, ], notes: [ { category: "description", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "Vulnerability description", }, { category: "summary", text: "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21299", }, { category: "external", summary: "RHBZ#2041472", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041472", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21299", url: "https://www.cve.org/CVERecord?id=CVE-2022-21299", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", }, { cve: "CVE-2022-21363", cwe: { id: "CWE-280", name: "Improper Handling of Insufficient Permissions or Privileges ", }, discovery_date: "2022-01-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047343", }, ], notes: [ { category: "description", text: "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", title: "Vulnerability description", }, { category: "summary", text: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21363", }, { category: "external", summary: "RHBZ#2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21363", url: "https://www.cve.org/CVERecord?id=CVE-2022-21363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", }, { category: "external", summary: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", url: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", }, { cve: "CVE-2022-23221", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044596", }, ], notes: [ { category: "description", text: "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", title: "Vulnerability description", }, { category: "summary", text: "h2: Loading of custom classes from remote servers through JNDI", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23221", }, { category: "external", summary: "RHBZ#2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23221", url: "https://www.cve.org/CVERecord?id=CVE-2022-23221", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", }, { category: "external", summary: "https://github.com/advisories/GHSA-45hx-wfhj-473x", url: "https://github.com/advisories/GHSA-45hx-wfhj-473x", }, ], release_date: "2022-01-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Loading of custom classes from remote servers through JNDI", }, { acknowledgments: [ { names: [ "Sergey Temnikov", "Ziyi Luo", ], organization: "Amazon Corretto", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2022-23437", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2022-01-24T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047200", }, ], notes: [ { category: "description", text: "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", title: "Vulnerability description", }, { category: "summary", text: "xerces-j2: infinite loop when handling specially crafted XML document payloads", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23437", }, { category: "external", summary: "RHBZ#2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23437", url: "https://www.cve.org/CVERecord?id=CVE-2022-23437", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", }, ], release_date: "2022-01-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xerces-j2: infinite loop when handling specially crafted XML document payloads", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: "https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, { cve: "CVE-2022-24785", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-04-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2072009", }, ], notes: [ { category: "description", text: "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", title: "Vulnerability description", }, { category: "summary", text: "Moment.js: Path traversal in moment.locale", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24785", }, { category: "external", summary: "RHBZ#2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24785", url: "https://www.cve.org/CVERecord?id=CVE-2022-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", url: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", }, ], release_date: "2022-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, { category: "workaround", details: "Sanitize the user-provided locale name before passing it to Moment.js.", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Moment.js: Path traversal in moment.locale", }, ], }
rhsa-2022_7417
Vulnerability from csaf_redhat
Published
2022-11-03 15:14
Modified
2024-11-25 13:37
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update
Notes
Topic
A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:7417", url: "https://access.redhat.com/errata/RHSA-2022:7417", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.6", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.6", }, { category: "external", summary: "2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "2040268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", }, { category: "external", summary: "2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2115392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7417.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update", tracking: { current_release_date: "2024-11-25T13:37:06+00:00", generator: { date: "2024-11-25T13:37:06+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:7417", initial_release_date: "2022-11-03T15:14:51+00:00", revision_history: [ { date: "2022-11-03T15:14:51+00:00", number: "1", summary: "Initial version", }, { date: "2022-11-03T15:14:51+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-25T13:37:06+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6.1", product: { name: "Red Hat Single Sign-On 7.6.1", product_id: "Red Hat Single Sign-On 7.6.1", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6.1", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-42392", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2039403", }, ], notes: [ { category: "description", text: "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", title: "Vulnerability description", }, { category: "summary", text: "h2: Remote Code Execution in Console", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42392", }, { category: "external", summary: "RHBZ#2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42392", url: "https://www.cve.org/CVERecord?id=CVE-2021-42392", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", }, { category: "external", summary: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", url: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", }, ], release_date: "2022-01-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Remote Code Execution in Console", }, { cve: "CVE-2021-42575", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2021-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2027195", }, ], notes: [ { category: "description", text: "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", title: "Vulnerability description", }, { category: "summary", text: "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42575", }, { category: "external", summary: "RHBZ#2027195", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2027195", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42575", url: "https://www.cve.org/CVERecord?id=CVE-2021-42575", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", }, ], release_date: "2021-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", }, { cve: "CVE-2021-43797", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2021-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031958", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: control chars in header names may lead to HTTP request smuggling", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43797", }, { category: "external", summary: "RHBZ#2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43797", url: "https://www.cve.org/CVERecord?id=CVE-2021-43797", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", url: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: control chars in header names may lead to HTTP request smuggling", }, { cve: "CVE-2022-0084", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-03-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064226", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", title: "Vulnerability description", }, { category: "summary", text: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0084", }, { category: "external", summary: "RHBZ#2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0084", url: "https://www.cve.org/CVERecord?id=CVE-2022-0084", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", }, { acknowledgments: [ { names: [ "Johan Nilsson", ], organization: "NRMC team (Nasdaq)", }, ], cve: "CVE-2022-0225", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2022-01-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2040268", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Stored XSS in groups dropdown", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0225", }, { category: "external", summary: "RHBZ#2040268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0225", url: "https://www.cve.org/CVERecord?id=CVE-2022-0225", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", }, ], release_date: "2022-01-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Stored XSS in groups dropdown", }, { cve: "CVE-2022-0853", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060725", }, ], notes: [ { category: "description", text: "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "jboss-client: memory leakage in remote client transaction", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0853", }, { category: "external", summary: "RHBZ#2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0853", url: "https://www.cve.org/CVERecord?id=CVE-2022-0853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", }, ], release_date: "2022-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jboss-client: memory leakage in remote client transaction", }, { acknowledgments: [ { names: [ "Oliver Bieri", ], organization: "Schindler Elevator Ltd., Switzerland", }, ], cve: "CVE-2022-0866", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060929", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", title: "Vulnerability summary", }, { category: "other", text: "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0866", }, { category: "external", summary: "RHBZ#2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0866", url: "https://www.cve.org/CVERecord?id=CVE-2022-0866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", }, ], release_date: "2022-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, { category: "workaround", details: "In order to avoid the possibility of information access, review application source code for '@RunAs' and 'run-as-principal' usage. Also, make sure the application is using or not Elytron Security. It's possible to investigate by checking if the commands from '$JBOSS_HOME/docs/examples/enable-elytron.cli' or similar were executed.", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", }, { cve: "CVE-2022-1319", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073890", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1319", }, { category: "external", summary: "RHBZ#2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1319", url: "https://www.cve.org/CVERecord?id=CVE-2022-1319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", }, ], release_date: "2022-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", }, { acknowledgments: [ { names: [ "Marek Posolda", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2022-2668", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, discovery_date: "2022-08-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2115392", }, ], notes: [ { category: "description", text: "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2668", }, { category: "external", summary: "RHBZ#2115392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2668", url: "https://www.cve.org/CVERecord?id=CVE-2022-2668", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", }, ], release_date: "2022-08-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: "https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T15:14:51+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat Single Sign-On 7.6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7417", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, ], }
RHSA-2022:4918
Vulnerability from csaf_redhat
Published
2022-06-06 15:54
Modified
2025-04-16 15:01
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)
* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)
* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)
* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)
* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:4918", url: "https://access.redhat.com/errata/RHSA-2022:4918", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "2004133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004133", }, { category: "external", summary: "2004135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004135", }, { category: "external", summary: "2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "2041472", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041472", }, { category: "external", summary: "2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "JBEAP-23120", url: "https://issues.redhat.com/browse/JBEAP-23120", }, { category: "external", summary: "JBEAP-23171", url: "https://issues.redhat.com/browse/JBEAP-23171", }, { category: "external", summary: "JBEAP-23194", url: "https://issues.redhat.com/browse/JBEAP-23194", }, { category: "external", summary: "JBEAP-23241", url: "https://issues.redhat.com/browse/JBEAP-23241", }, { category: "external", summary: "JBEAP-23299", url: "https://issues.redhat.com/browse/JBEAP-23299", }, { category: "external", summary: "JBEAP-23300", url: "https://issues.redhat.com/browse/JBEAP-23300", }, { category: "external", summary: "JBEAP-23312", url: "https://issues.redhat.com/browse/JBEAP-23312", }, { category: "external", summary: "JBEAP-23313", url: "https://issues.redhat.com/browse/JBEAP-23313", }, { category: "external", summary: "JBEAP-23336", url: "https://issues.redhat.com/browse/JBEAP-23336", }, { category: "external", summary: "JBEAP-23338", url: "https://issues.redhat.com/browse/JBEAP-23338", }, { category: "external", summary: "JBEAP-23339", url: "https://issues.redhat.com/browse/JBEAP-23339", }, { category: "external", summary: "JBEAP-23351", url: "https://issues.redhat.com/browse/JBEAP-23351", }, { category: "external", summary: "JBEAP-23353", url: "https://issues.redhat.com/browse/JBEAP-23353", }, { category: "external", summary: "JBEAP-23429", url: "https://issues.redhat.com/browse/JBEAP-23429", }, { category: "external", summary: "JBEAP-23432", url: "https://issues.redhat.com/browse/JBEAP-23432", }, { category: "external", summary: "JBEAP-23451", url: "https://issues.redhat.com/browse/JBEAP-23451", }, { category: "external", summary: "JBEAP-23531", url: "https://issues.redhat.com/browse/JBEAP-23531", }, { category: "external", summary: "JBEAP-23532", url: "https://issues.redhat.com/browse/JBEAP-23532", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4918.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7", tracking: { current_release_date: "2025-04-16T15:01:36+00:00", generator: { date: "2025-04-16T15:01:36+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2022:4918", initial_release_date: "2022-06-06T15:54:15+00:00", revision_history: [ { date: "2022-06-06T15:54:15+00:00", number: "1", summary: "Initial version", }, { date: "2022-06-06T15:54:15+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-16T15:01:36+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 7 Server", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", product: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", product_id: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", product: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", product_id: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", product: { name: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", product_id: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", product: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", product_id: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", product: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", product_id: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", product: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", product_id: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", product: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", product_id: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", product: { name: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", product_id: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.6-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", product: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", product_id: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", product: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", product_id: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", product: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", product_id: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", product: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", product_id: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", product: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", product_id: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", product: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", product_id: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", product_id: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", product: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", product_id: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", product: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", product_id: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el7eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", product: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", product_id: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", product: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", product_id: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", product: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", product_id: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.12-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_id: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product: { name: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_id: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-core@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product: { name: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_id: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product: { name: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_id: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-envers@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product: { name: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_id: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-java8@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", product: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", product_id: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jberet-core@1.3.9-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", product: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", product_id: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-16.Final_redhat_00015.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-16.Final_redhat_00015.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", product: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", product_id: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-all@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-buffer@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-http@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-common@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-handler@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-resolver@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-rxtx@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-udt@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_id: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-9.redhat_00042.1.el7eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", product: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", product_id: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el7eap?arch=x86_64", }, }, }, { category: "product_version", name: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", product: { name: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", product_id: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.72-1.Final_redhat_00001.1.el7eap?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", }, product_reference: "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", }, product_reference: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", }, product_reference: "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", }, product_reference: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", }, product_reference: "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", }, product_reference: "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", }, product_reference: "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", }, product_reference: "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", }, product_reference: "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", }, product_reference: "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", }, product_reference: "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", }, product_reference: "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", }, product_reference: "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", }, product_reference: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", }, product_reference: "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", }, product_reference: "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", }, product_reference: "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", }, product_reference: "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", }, product_reference: "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-37136", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-09-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2004133", }, ], notes: [ { category: "description", text: "A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data", title: "Vulnerability summary", }, { category: "other", text: "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37136", }, { category: "external", summary: "RHBZ#2004133", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004133", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37136", url: "https://www.cve.org/CVERecord?id=CVE-2021-37136", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", url: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", }, ], release_date: "2021-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data", }, { cve: "CVE-2021-37137", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-09-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2004135", }, ], notes: [ { category: "description", text: "A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37137", }, { category: "external", summary: "RHBZ#2004135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004135", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37137", url: "https://www.cve.org/CVERecord?id=CVE-2021-37137", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", url: "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", }, ], release_date: "2021-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way", }, { cve: "CVE-2021-42392", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-10T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2039403", }, ], notes: [ { category: "description", text: "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", title: "Vulnerability description", }, { category: "summary", text: "h2: Remote Code Execution in Console", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42392", }, { category: "external", summary: "RHBZ#2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42392", url: "https://www.cve.org/CVERecord?id=CVE-2021-42392", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", }, { category: "external", summary: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", url: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", }, ], release_date: "2022-01-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Remote Code Execution in Console", }, { cve: "CVE-2021-43797", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2021-12-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031958", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: control chars in header names may lead to HTTP request smuggling", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43797", }, { category: "external", summary: "RHBZ#2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43797", url: "https://www.cve.org/CVERecord?id=CVE-2021-43797", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", url: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: control chars in header names may lead to HTTP request smuggling", }, { cve: "CVE-2022-0084", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-03-15T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064226", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", title: "Vulnerability description", }, { category: "summary", text: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0084", }, { category: "external", summary: "RHBZ#2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0084", url: "https://www.cve.org/CVERecord?id=CVE-2022-0084", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", }, { cve: "CVE-2022-0853", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2022-03-04T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060725", }, ], notes: [ { category: "description", text: "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "jboss-client: memory leakage in remote client transaction", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0853", }, { category: "external", summary: "RHBZ#2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0853", url: "https://www.cve.org/CVERecord?id=CVE-2022-0853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", }, ], release_date: "2022-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jboss-client: memory leakage in remote client transaction", }, { acknowledgments: [ { names: [ "Oliver Bieri", ], organization: "Schindler Elevator Ltd., Switzerland", }, ], cve: "CVE-2022-0866", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-02T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060929", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", title: "Vulnerability summary", }, { category: "other", text: "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0866", }, { category: "external", summary: "RHBZ#2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0866", url: "https://www.cve.org/CVERecord?id=CVE-2022-0866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", }, ], release_date: "2022-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, { category: "workaround", details: "In order to avoid the possibility of information access, review application source code for '@RunAs' and 'run-as-principal' usage. Also, make sure the application is using or not Elytron Security. It's possible to investigate by checking if the commands from '$JBOSS_HOME/docs/examples/enable-elytron.cli' or similar were executed.", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", }, { cve: "CVE-2022-1319", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-04-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073890", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1319", }, { category: "external", summary: "RHBZ#2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1319", url: "https://www.cve.org/CVERecord?id=CVE-2022-1319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", }, ], release_date: "2022-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", }, { cve: "CVE-2022-21299", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2022-01-10T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2041472", }, ], notes: [ { category: "description", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "Vulnerability description", }, { category: "summary", text: "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21299", }, { category: "external", summary: "RHBZ#2041472", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041472", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21299", url: "https://www.cve.org/CVERecord?id=CVE-2022-21299", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", }, { cve: "CVE-2022-21363", cwe: { id: "CWE-280", name: "Improper Handling of Insufficient Permissions or Privileges ", }, discovery_date: "2022-01-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047343", }, ], notes: [ { category: "description", text: "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", title: "Vulnerability description", }, { category: "summary", text: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21363", }, { category: "external", summary: "RHBZ#2047343", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21363", url: "https://www.cve.org/CVERecord?id=CVE-2022-21363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", }, { category: "external", summary: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", url: "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", }, { cve: "CVE-2022-23221", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044596", }, ], notes: [ { category: "description", text: "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", title: "Vulnerability description", }, { category: "summary", text: "h2: Loading of custom classes from remote servers through JNDI", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23221", }, { category: "external", summary: "RHBZ#2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23221", url: "https://www.cve.org/CVERecord?id=CVE-2022-23221", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", }, { category: "external", summary: "https://github.com/advisories/GHSA-45hx-wfhj-473x", url: "https://github.com/advisories/GHSA-45hx-wfhj-473x", }, ], release_date: "2022-01-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Loading of custom classes from remote servers through JNDI", }, { acknowledgments: [ { names: [ "Sergey Temnikov", "Ziyi Luo", ], organization: "Amazon Corretto", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2022-23437", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2022-01-24T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2047200", }, ], notes: [ { category: "description", text: "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", title: "Vulnerability description", }, { category: "summary", text: "xerces-j2: infinite loop when handling specially crafted XML document payloads", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23437", }, { category: "external", summary: "RHBZ#2047200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047200", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23437", url: "https://www.cve.org/CVERecord?id=CVE-2022-23437", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", }, ], release_date: "2022-01-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xerces-j2: infinite loop when handling specially crafted XML document payloads", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: "https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, { cve: "CVE-2022-24785", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-04-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2072009", }, ], notes: [ { category: "description", text: "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", title: "Vulnerability description", }, { category: "summary", text: "Moment.js: Path traversal in moment.locale", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24785", }, { category: "external", summary: "RHBZ#2072009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24785", url: "https://www.cve.org/CVERecord?id=CVE-2022-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", }, { category: "external", summary: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", url: "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", }, ], release_date: "2022-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-06-06T15:54:15+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:4918", }, { category: "workaround", details: "Sanitize the user-provided locale name before passing it to Moment.js.", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Moment.js: Path traversal in moment.locale", }, ], }
rhsa-2022:7409
Vulnerability from csaf_redhat
Published
2022-11-03 14:54
Modified
2025-04-15 10:58
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 7
Notes
Topic
New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* h2: Remote Code Execution in Console (CVE-2021-42392)
* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)
* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:7409", url: "https://access.redhat.com/errata/RHSA-2022:7409", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "2040268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", }, { category: "external", summary: "2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "2115392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7409.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 7", tracking: { current_release_date: "2025-04-15T10:58:37+00:00", generator: { date: "2025-04-15T10:58:37+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2022:7409", initial_release_date: "2022-11-03T14:54:26+00:00", revision_history: [ { date: "2022-11-03T14:54:26+00:00", number: "1", summary: "Initial version", }, { date: "2022-11-03T14:54:26+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-15T10:58:37+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 7 Server", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el7sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el7sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00001.1.el7sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", relates_to_product_reference: "7Server-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", relates_to_product_reference: "7Server-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", relates_to_product_reference: "7Server-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2020-36518", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064698", }, ], notes: [ { category: "description", text: "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via a large depth of nested objects", title: "Vulnerability summary", }, { category: "other", text: "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "RHBZ#2064698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-36518", url: "https://www.cve.org/CVERecord?id=CVE-2020-36518", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", }, { category: "external", summary: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", url: "https://github.com/advisories/GHSA-57j2-w4cx-62h2", }, ], release_date: "2020-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via a large depth of nested objects", }, { cve: "CVE-2021-42392", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2039403", }, ], notes: [ { category: "description", text: "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", title: "Vulnerability description", }, { category: "summary", text: "h2: Remote Code Execution in Console", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42392", }, { category: "external", summary: "RHBZ#2039403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039403", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42392", url: "https://www.cve.org/CVERecord?id=CVE-2021-42392", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", }, { category: "external", summary: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", url: "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", }, ], release_date: "2022-01-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "h2: Remote Code Execution in Console", }, { cve: "CVE-2021-42575", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2021-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2027195", }, ], notes: [ { category: "description", text: "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", title: "Vulnerability description", }, { category: "summary", text: "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-42575", }, { category: "external", summary: "RHBZ#2027195", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2027195", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-42575", url: "https://www.cve.org/CVERecord?id=CVE-2021-42575", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", }, ], release_date: "2021-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", }, { cve: "CVE-2021-43797", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2021-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031958", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: control chars in header names may lead to HTTP request smuggling", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43797", }, { category: "external", summary: "RHBZ#2031958", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43797", url: "https://www.cve.org/CVERecord?id=CVE-2021-43797", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", url: "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: control chars in header names may lead to HTTP request smuggling", }, { cve: "CVE-2022-0084", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-03-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064226", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", title: "Vulnerability description", }, { category: "summary", text: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0084", }, { category: "external", summary: "RHBZ#2064226", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064226", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0084", url: "https://www.cve.org/CVERecord?id=CVE-2022-0084", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", }, { acknowledgments: [ { names: [ "Johan Nilsson", ], organization: "NRMC team (Nasdaq)", }, ], cve: "CVE-2022-0225", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2022-01-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2040268", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Stored XSS in groups dropdown", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0225", }, { category: "external", summary: "RHBZ#2040268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0225", url: "https://www.cve.org/CVERecord?id=CVE-2022-0225", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", }, ], release_date: "2022-01-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Stored XSS in groups dropdown", }, { cve: "CVE-2022-0853", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2022-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060725", }, ], notes: [ { category: "description", text: "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "jboss-client: memory leakage in remote client transaction", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0853", }, { category: "external", summary: "RHBZ#2060725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0853", url: "https://www.cve.org/CVERecord?id=CVE-2022-0853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", }, ], release_date: "2022-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jboss-client: memory leakage in remote client transaction", }, { acknowledgments: [ { names: [ "Oliver Bieri", ], organization: "Schindler Elevator Ltd., Switzerland", }, ], cve: "CVE-2022-0866", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2060929", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", title: "Vulnerability summary", }, { category: "other", text: "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-0866", }, { category: "external", summary: "RHBZ#2060929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-0866", url: "https://www.cve.org/CVERecord?id=CVE-2022-0866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", }, ], release_date: "2022-05-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, { category: "workaround", details: "In order to avoid the possibility of information access, review application source code for '@RunAs' and 'run-as-principal' usage. Also, make sure the application is using or not Elytron Security. It's possible to investigate by checking if the commands from '$JBOSS_HOME/docs/examples/enable-elytron.cli' or similar were executed.", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", }, { cve: "CVE-2022-1319", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073890", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1319", }, { category: "external", summary: "RHBZ#2073890", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1319", url: "https://www.cve.org/CVERecord?id=CVE-2022-1319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", }, ], release_date: "2022-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", }, { acknowledgments: [ { names: [ "Marek Posolda", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2022-2668", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, discovery_date: "2022-08-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2115392", }, ], notes: [ { category: "description", text: "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2668", }, { category: "external", summary: "RHBZ#2115392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2668", url: "https://www.cve.org/CVERecord?id=CVE-2022-2668", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", }, { category: "external", summary: "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", }, ], release_date: "2022-08-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", }, { cve: "CVE-2022-23913", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2063601", }, ], notes: [ { category: "description", text: "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", title: "Vulnerability description", }, { category: "summary", text: "artemis-commons: Apache ActiveMQ Artemis DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23913", }, { category: "external", summary: "RHBZ#2063601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23913", url: "https://www.cve.org/CVERecord?id=CVE-2022-23913", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", }, { category: "external", summary: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", url: "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", }, ], release_date: "2022-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-03T14:54:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7409", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "artemis-commons: Apache ActiveMQ Artemis DoS", }, ], }
fkie_cve-2022-0853
Vulnerability from fkie_nvd
Published
2022-03-11 18:15
Modified
2024-11-21 06:39
Severity ?
Summary
A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2060725 | Issue Tracking, Vendor Advisory | |
| secalert@redhat.com | https://github.com/ByteHackr/CVE-2022-0853 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2060725 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ByteHackr/CVE-2022-0853 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | descision_manager | 7.0 | |
| redhat | jboss_enterprise_application_platform | 7.0.0 | |
| redhat | jboss_enterprise_application_platform_expansion_pack | - | |
| redhat | process_automation | 7.0 | |
| redhat | single_sign-on | 7.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*", matchCriteriaId: "D5863BBF-829E-44EF-ACE8-61D5037251F6", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "72A54BDA-311C-413B-8E4D-388AD65A170A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*", matchCriteriaId: "0A24CBFB-4900-47A5-88D2-A44C929603DC", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "20A6B40D-F991-4712-8E30-5FE008505CB7", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*", matchCriteriaId: "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.", }, { lang: "es", value: "Se ha encontrado un fallo en JBoss-client. La vulnerabilidad es producida debido a una pérdida de memoria en el lado del cliente de JBoss, cuando es usado UserTransaction repetidamente y conlleva a una vulnerabilidad de filtrado de información", }, ], id: "CVE-2022-0853", lastModified: "2024-11-21T06:39:31.913", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-03-11T18:15:25.737", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/ByteHackr/CVE-2022-0853", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/ByteHackr/CVE-2022-0853", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
gsd-2022-0853
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.
Aliases
Aliases
{ GSD: { alias: "CVE-2022-0853", description: "A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.", id: "GSD-2022-0853", references: [ "https://access.redhat.com/errata/RHSA-2022:4918", "https://access.redhat.com/errata/RHSA-2022:4919", "https://access.redhat.com/errata/RHSA-2022:4922", "https://access.redhat.com/errata/RHSA-2022:7409", "https://access.redhat.com/errata/RHSA-2022:7410", "https://access.redhat.com/errata/RHSA-2022:7411", "https://access.redhat.com/errata/RHSA-2022:7417", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2022-0853", ], details: "A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.", id: "GSD-2022-0853", modified: "2023-12-13T01:19:11.261057Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2022-0853", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "jboss-client", version: { version_data: [ { version_affected: "=", version_value: "1.7", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Memory Leakage", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { name: "https://github.com/ByteHackr/CVE-2022-0853", refsource: "MISC", url: "https://github.com/ByteHackr/CVE-2022-0853", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2022-0853", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-401", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", refsource: "MISC", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { name: "https://github.com/ByteHackr/CVE-2022-0853", refsource: "MISC", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/ByteHackr/CVE-2022-0853", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, }, }, lastModifiedDate: "2022-03-18T13:51Z", publishedDate: "2022-03-11T18:15Z", }, }, }
ghsa-f67w-c9w2-5v69
Vulnerability from github
Published
2022-03-12 00:00
Modified
2022-03-19 00:01
Severity ?
Details
A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.
{ affected: [], aliases: [ "CVE-2022-0853", ], database_specific: { cwe_ids: [ "CWE-401", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2022-03-11T18:15:00Z", severity: "HIGH", }, details: "A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.", id: "GHSA-f67w-c9w2-5v69", modified: "2022-03-19T00:01:14Z", published: "2022-03-12T00:00:31Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", }, { type: "WEB", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060725", }, { type: "WEB", url: "https://github.com/ByteHackr/CVE-2022-0853", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", type: "CVSS_V3", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.