Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-10219 (GCVE-0-2019-10219)
Vulnerability from cvelistv5 – Published: 2019-11-08 14:46 – Updated: 2025-07-07 13:55
VLAI?
EPSS
Summary
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
Severity ?
6.5 (Medium)
CWE
Assigner
References
18 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hibernate | hibernate-validator |
Affected:
6.0.0.Alpha1 , ≤ 6.0.17.Final
(semver)
Affected: 6.1.0.Alpha1 , ≤ 6.1.0.Alpha6 (semver) Unaffected: 6.0.18.Final , ≤ 6.0.* (semver) Unaffected: 6.1.0.Final , ≤ * (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-07-02T11:46:38.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56ceee"
},
{
"url": "https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe"
},
{
"url": "https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Adapted/CVE-2019-10219"
},
{
"url": "https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Origin/CVE-2019-10219/exploit"
},
{
"name": "[accumulo-notifications] 20200108 [GitHub] [accumulo] milleruntime opened a new pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E"
},
{
"name": "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime closed pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E"
},
{
"name": "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime commented on issue #1469: Update hibernate-validator. Fixes CVE-2019-10219",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E"
},
{
"name": "RHSA-2020:0164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"name": "RHSA-2020:0159",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"name": "RHSA-2020:0160",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"name": "RHSA-2020:0161",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"name": "RHSA-2020:0445",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-791 Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0024/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://hibernate.org/validator/",
"defaultStatus": "unknown",
"product": "hibernate-validator",
"vendor": "Hibernate",
"versions": [
{
"lessThanOrEqual": "6.0.17.Final",
"status": "affected",
"version": "6.0.0.Alpha1",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.0.Alpha6",
"status": "affected",
"version": "6.1.0.Alpha1",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.18.Final",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1.0.Final",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T13:55:51.360Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[accumulo-notifications] 20200108 [GitHub] [accumulo] milleruntime opened a new pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E"
},
{
"name": "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime closed pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E"
},
{
"name": "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime commented on issue #1469: Update hibernate-validator. Fixes CVE-2019-10219",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E"
},
{
"name": "RHSA-2020:0164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"name": "RHSA-2020:0159",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"name": "RHSA-2020:0160",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"name": "RHSA-2020:0161",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"name": "RHSA-2020:0445",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-791 Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "Upstream fix commit",
"tags": [
"patch"
],
"url": "https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe"
},
{
"name": "Upstream fix commit",
"tags": [
"patch"
],
"url": "https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee"
},
{
"name": "Proof of Concept",
"tags": [
"exploit"
],
"url": "https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Adapted/CVE-2019-10219"
},
{
"name": "Proof of Concept",
"tags": [
"exploit"
],
"url": "https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Origin/CVE-2019-10219/exploit"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0024/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "hibernate-validator",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Hibernate"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[accumulo-notifications] 20200108 [GitHub] [accumulo] milleruntime opened a new pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf@%3Cnotifications.accumulo.apache.org%3E"
},
{
"name": "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime closed pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6@%3Cnotifications.accumulo.apache.org%3E"
},
{
"name": "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime commented on issue #1469: Update hibernate-validator. Fixes CVE-2019-10219",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d@%3Cnotifications.accumulo.apache.org%3E"
},
{
"name": "RHSA-2020:0164",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"name": "RHSA-2020:0159",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"name": "RHSA-2020:0160",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"name": "RHSA-2020:0161",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"name": "RHSA-2020:0445",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a@%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c@%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-791 Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4@%3Cpluto-scm.portals.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220210-0024/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220210-0024/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10219",
"datePublished": "2019-11-08T14:46:03.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2025-07-07T13:55:51.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-10219",
"date": "2026-05-19",
"epss": "0.01674",
"percentile": "0.82353"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:hibernate_validator:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.0.18\", \"matchCriteriaId\": \"552F082C-38E5-49A9-A451-71B6ECAF21B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha1:*:*:*:*:*:*\", \"matchCriteriaId\": \"A82A1C19-F8AE-4DA9-891D-247F07D57605\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha2:*:*:*:*:*:*\", \"matchCriteriaId\": \"E38B943A-B167-4EAD-9308-47FF525BE57A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha3:*:*:*:*:*:*\", \"matchCriteriaId\": \"6766965C-2991-4559-975B-9E864DF8F10D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha4:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6CD7403-23C7-488F-84EC-1F0C675E87D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha5:*:*:*:*:*:*\", \"matchCriteriaId\": \"A0033893-4CA9-41F4-8FF0-3BE20F5BE1C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha6:*:*:*:*:*:*\", \"matchCriteriaId\": \"EEB7C69E-FA13-43AB-89AD-FE1E4687E02A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"077732DB-F5F3-4E9C-9AC0-8142AB85B32F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*\", \"matchCriteriaId\": \"2BF03A52-4068-47EA-8846-1E5FB708CE1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*\", \"matchCriteriaId\": \"B8423D7F-3A8F-4AD8-BF51-245C9D8DD816\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:*\", \"matchCriteriaId\": \"ADB40F59-CAAE-47D6-850C-12619D8D5B34\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*\", \"matchCriteriaId\": \"341E6313-20D5-44CB-9719-B20585DC5AD6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C3AA5CE-9ACB-4E96-A4C1-50A662D641FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4911A72-5FAE-47C5-A141-2E3CA8E1CCAB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*\", \"matchCriteriaId\": \"F3E0B672-3E06-4422-B2A4-0BD073AEC2A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\", \"matchCriteriaId\": \"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"B55E8D50-99B4-47EC-86F9-699B67D473CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDAC85F0-93AF-4BE3-AE1A-8ADAF1CDF9AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*\", \"matchCriteriaId\": \"DC01D8F3-291A-44E5-99C1-6771F6656E0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:netapp:element:-:*:*:*:*:vcenter_server:*:*\", \"matchCriteriaId\": \"5E1DE4F5-9094-4C73-AA1B-5C902F38DD24\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:access_manager:11.1.2.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DEAFEDC-2D0F-4A5F-99A0-BD41DD6DC017\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:access_manager:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A287FA5D-D7D9-40B4-8DB2-1D7CE1808408\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"20EB3430-0FF2-4668-BB20-A5611ACC73F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80C9DBB8-3D50-4D5D-859A-B022EB7C2E64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D14ABF04-E460-4911-9C6C-B7BCEFE68E9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C650FEDB-E903-4C2D-AD40-282AB5F2E3C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"432BFCF5-A5DC-487C-A111-DE70AB3FCDAC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*\", \"matchCriteriaId\": \"5B62CB3B-FDDF-4AFF-A47E-6ADE6504D451\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:airlines_data_model:12.1.1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06480458-3216-4C42-9270-F68A41EEC147\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:airlines_data_model:12.2.0.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"480BF1CB-11D7-4D86-A99E-960F316F2E1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_express:21.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB124AD9-8000-449B-8219-0FF011F86B03\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_performance_management:13.4.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F84E5662-0289-4ED5-A112-BC506508216C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_performance_management:13.5.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD312681-73A4-4B21-BDE8-50DED7E3E0CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A125E817-F974-4509-872C-B71933F42AD1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:argus_analytics:8.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC3D0C4E-0B40-4ACF-BD9E-104CC1D77521\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:argus_analytics:8.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E67940FD-3BA7-40A8-8E40-44B37D23E2DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:argus_analytics:8.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE6EB4DE-33DA-4810-96BD-29C82B433714\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:argus_analytics:8.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C446826-EF5B-4937-ADB4-1102F9F39304\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:argus_insight:8.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7FCB446-49A7-48B9-8808-E72A4E2E48C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:argus_insight:8.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E9B2F53-257E-49E2-83C3-0840BDB4D67C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:argus_insight:8.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CF34B1B-0FC0-4EA6-830D-D2191337D451\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:argus_safety:8.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09B79608-5D94-45C3-ADF0-B181B92C3014\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:argus_safety:8.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F05D844-38BD-4EEB-AF91-E5ED18B1E7E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:argus_safety:8.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25193811-46CE-4A0E-B22D-67BE99FAD450\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_apis:18.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"869D51B3-FB50-4BD6-8A0C-D0984267525F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_apis:18.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08B8F413-2000-493B-82B1-BEFE343BB8C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_apis:18.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"042269E6-D3B4-4867-86FA-9301FACA9FF2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF34B11F-3DE1-4C22-8EB1-AEE5CE5E4172\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86F03B63-F922-45CD-A7D1-326DB0042875\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CBFC93F-8B39-45A2-981C-59B187169BD4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0843465C-F940-4FFC-998D-9A2668B75EA0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F834ACC-D65B-4CA3-91F1-415CBC6077E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_digital_experience:17.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"560F20E6-AEA1-4CE5-A393-C9B2CF334C5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BBE7BF09-B89C-4590-821E-6C0587E096B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7231D2D-4092-44F3-B60A-D7C9ED78AFDF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18127694-109C-4E7E-AE79-0BA351849291\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D6895A6-511A-4DC6-9F9B-58E05B86BDB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_enterprise_default_management:2.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E60C0966-BF0D-4D18-B09B-5D0BB96DBFF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0FCD3BC-33D8-49D1-844B-6B9DE0CA4997\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"473749BD-267E-480F-8E7F-C762702DB66E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74C7E2F1-17FC-4322-A5C3-F7EB612BA4F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"320D36DA-D99F-4149-B582-3F4AB2F41A1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_enterprise_default_managment:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.3.0\", \"versionEndIncluding\": \"2.4.0\", \"matchCriteriaId\": \"05E4EB25-7B7A-4A10-A535-8C7CA4D6FEB6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E502A46-BAF4-4558-BC8F-9F014A2FB26A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C542DC5E-6657-4178-9C69-46FD3C187D56\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.3.0\", \"versionEndIncluding\": \"2.4.1\", \"matchCriteriaId\": \"6D0F559E-0790-461B-ACED-5B00F4D40893\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"132CE62A-FBFC-4001-81EC-35D81F73AF48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"282150FF-C945-4A3E-8A80-E8757A8907EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"645AA3D1-C8B5-4CD2-8ACE-31541FA267F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CD806C1-CC17-47BD-8BB0-9430C4253BC7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:bi_publisher:11.1.1.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C83DA9A0-2EBC-4298-8412-1A7C4DC88C2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9DC56004-4497-4CDD-AE76-5E3DFAE170F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"274A0CF5-41E8-42E0-9931-F7372A65B9C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BEF828F5-C666-40DA-98DD-CDF658D7090B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA8461A2-428C-4817-92A9-0C671545698D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"D40AD626-B23A-44A3-A6C0-1FFB4D647AE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"B602F9E8-1580-436C-A26D-6E6F8121A583\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"77C3DD16-1D81-40E1-B312-50FBD275507C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"81DAC8C0-D342-44B5-9432-6B88D389584F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E869C417-C0E6-4FC3-B406-45598A1D1906\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:clinical:5.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B2CEA84-0983-4C40-B923-99244ABCF32D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:clinical:5.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FD798A8-38B7-42C1-9043-863D16CE7ACA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A3622F5-5976-4BBC-A147-FC8A6431EA79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.3.0\", \"versionEndIncluding\": \"11.3.2\", \"matchCriteriaId\": \"F012E976-E219-46C2-8177-60ED859594BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_application_session_controller:3.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"787E2C1B-9BAD-4018-8495-E9BE75628BB8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0111372-B39F-4B3D-8136-44C2C1CFD12B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B465F237-0271-4389-8035-89C07A52350D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A9E4125-B744-4A9D-BFE6-5D82939958FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"261212BD-125A-487F-97E8-A9587935DFE8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_calendar_server:8.0.0.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4063FAD6-21D4-42C7-87C0-D299532E0982\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_calendar_server:8.0.0.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6E8A8C3-253A-4BDD-9AD2-4445DC387B4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98FB24DB-AF91-48D0-9CA5-C8250D183FD5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"868E7C46-7E45-4CFA-8A25-7CBFED912096\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6B6FE82-7BFA-481D-99D6-789B146CA18B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_cloud_native_core_console:1.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC12B43F-30F6-4B05-AB3A-E91D8404D5A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D423B62-8EFE-4EFD-A986-5F5ECE5B892F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E463039-5E48-4AA0-A42B-081053FA0111\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4479F76A-4B67-41CC-98C7-C76B81050F8E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DAEB09CA-9352-43CD-AF66-92BE416E039C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45E5C9B0-AB25-4744-88E4-FD0C4A853001\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A442DA9E-FF9A-4C51-9D3E-68D09C8BB472\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AB059F2-FEC4-4180-8A90-39965495055E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A276784-877B-4A29-A8F1-70518A438A9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_contacts_server:8.0.0.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59275C23-53C0-4890-A941-A71226B50CFB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0535B116-57D6-4448-86A2-09BCE50894B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7DF939F5-C0E1-40A4-95A2-0CE7A03AB4EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0.1.0.0\", \"versionEndIncluding\": \"12.0.4.0.0\", \"matchCriteriaId\": \"0172500D-DE51-44E0-91E8-C8F36617C1F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E99E7D49-AE53-4D16-AB24-EBEAAD084289\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_data_model:11.3.2.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69C215AB-25B4-47A6-AD6A-A60D2C0FF72F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_data_model:11.3.2.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E77E48F-1521-4C89-A5D0-A7F0A8D21AD1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_data_model:11.3.2.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F88A2F3-E201-4C68-8D11-0A5C76CDB071\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_data_model:12.1.0.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBD877F8-E6EF-4314-AAC0-36F81F4908DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_data_model:12.1.2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D7356B6-E197-4978-BF18-2CFD4D350A76\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_design_studio:7.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93BE4838-1144-4A6A-ABDB-F2766E64C91C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B54457C-8305-4F82-BE1E-DBA030A8E676\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_design_studio:7.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C756C62B-E655-4770-8E85-B1995889E416\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_design_studio:7.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93F65B4C-59D5-450A-9955-7FDA32252B0F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A67AA54B-258D-4D09-9ACB-4085E0B3E585\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0.0\", \"versionEndIncluding\": \"8.5.1.0\", \"matchCriteriaId\": \"A6BD600E-F3E9-40CE-9414-1D4506ACC1D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.1\", \"versionEndIncluding\": \"16.4\", \"matchCriteriaId\": \"95A3E946-BBD5-4BCB-B864-FB3BF5DE56D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4A94B36-479F-48F2-9B9E-ACEA2589EF48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46E23F2E-6733-45AF-9BD9-1A600BD278C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E812639B-EE28-4C68-9F6F-70C8BF981C86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E1214FDF-357A-4BB9-BADE-50FB2BD16D10\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64BCB9E3-883D-4C1F-9785-2E182BA47B5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0.1.0.0\", \"versionEndIncluding\": \"12.0.4.0.0\", \"matchCriteriaId\": \"26940103-F37C-4FBD-BDFD-528A497209D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB9047B1-DA8C-4BFD-BE41-728BD7ECF3E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B21E6EEF-2AB7-4E96-B092-1F49D11B4175\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A23B00C1-878A-4B55-B87B-EFFFA6A5E622\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F545DFC9-F331-4E1D-BACB-3D26873E5858\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B98BAEB2-A540-4E8A-A946-C4331B913AFD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8FBE260-E306-4215-80C0-D2D27CA43E0F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7B49D71-6A31-497A-B6A9-06E84F086E7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A28F42F0-FBDA-4574-AD30-7A04F27FEA3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6235EAE-47DD-4292-9941-6FF8D0A83843\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"062E4E7C-55BB-46F3-8B61-5A663B565891\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B9F6415-2950-49FE-9CAF-8BCA4DB6DF4B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C05190B9-237F-4E2E-91EA-DB1B738864AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C416FD3-2E2F-4BBC-BD5F-F896825883F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D886339E-EDB2-4879-BD54-1800E4CA9CAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"05AD47CC-8A6D-4AEC-B23E-701D3D649CC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17A91FD9-9F77-42D3-A4D9-48BC7568ADE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"539DA24F-E3E0-4455-84C6-A9D96CD601B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7637F8B-15F1-42E2-BE18-E1FF7C66587D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E43D793A-7756-4D58-A8ED-72DC4EC9CEA7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EBC7EB1-FD72-4BFC-92CC-7C8B8E462D7C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6814B606-D054-433C-A46E-0F6E338E1C46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F05AF4B-A747-4314-95AE-F8495479AB3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9901F6BA-78D5-45B8-9409-07FF1C6DDD38\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FADE563-5AAA-42FF-B43F-35B20A2386C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A7D10EB-D98F-4B80-AB9F-D8A9FC813E1C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F3D40B7-925C-413D-AFF3-60BF330D5BC2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2204841-585F-40C7-A1D9-C34E612808CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:database_server:21c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDB96A21-161F-42A9-9402-FABEC9C0C15A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:demantra_demand_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.2.6\", \"versionEndIncluding\": \"12.2.11\", \"matchCriteriaId\": \"132DE874-6E47-452A-9FDD-27D5A41F046E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.6.0\", \"versionEndIncluding\": \"12.6.4\", \"matchCriteriaId\": \"135D531C-A692-4BE3-AB8C-37BB0D35559A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.2.3\", \"versionEndIncluding\": \"12.2.11\", \"matchCriteriaId\": \"7E6DF81E-E392-49E5-ADF4-510A3737A5CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_communications_broker:3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BE83BC6-5A6F-40A1-AAC7-314A575D8E07\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36CF85A9-2C29-46E7-961E-8ADD0B5822CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E80555C7-DA1C-472C-9467-19554DCE4476\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E8758C8-87D3-450A-878B-86CE8C9FC140\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B095CC03-7077-4A58-AB25-CC5380CDCE5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7015A8CB-8FA6-423E-8307-BD903244F517\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9A4E206-56C7-4578-AC9C-088B0C8D9CFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.1.2.4.47\", \"matchCriteriaId\": \"C78A7E07-AB08-46C5-942D-B40BBE0C0D06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"21.0\", \"versionEndExcluding\": \"21.3\", \"matchCriteriaId\": \"3197F464-F0A5-4BD4-9068-65CD448D8F4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:essbase:11.1.2.4.47:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"809FD6D6-D05D-4387-A725-F707015DEFBB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:essbase_administration_services:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.1.2.4.47\", \"matchCriteriaId\": \"A093A76C-4B2C-4FAD-BFDF-09862F831102\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:essbase_administration_services:11.1.2.4.47:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A1277A9-C49C-4840-A118-986C10A07657\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.7\", \"versionEndIncluding\": \"8.1.1\", \"matchCriteriaId\": \"7EA4D3C5-6A7C-4421-88EF-445A96DBCE0C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:7.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03B9F810-EF80-4551-BA6D-027B0B2A787D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47B0A947-E4C8-4C04-AD3B-950E59DF7A0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1AC36036-07CE-4903-8FFB-445C6908F0CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"435FDFA1-BF6A-499D-BDB6-88A26648DFD5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB3F3F63-9543-4568-BCB1-1CAF88384142\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC0C4CA4-1694-474E-8272-CF96E168D962\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93E953D0-9C0C-4B03-9939-384A1F7E2BC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"767CC73D-2771-4BBC-9D74-4416AEC6BB2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D33B68C6-2A4E-418C-A2BD-43A3CC5D1003\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DAE3EA23-045D-474C-ABD8-916930D4E9E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_model_management_and_governance:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.8\", \"versionEndIncluding\": \"8.1.1\", \"matchCriteriaId\": \"0E8FD060-E9A8-499C-87B0-AF7BBED7771F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"B57ECC6E-CC64-4DE7-B657-3BA54EDDFFF4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"10BBAD37-51A1-4819-807B-2642E9D4A69C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0A34DF8-72CC-4A8E-84F2-C2DF4A0B9FAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21BE77B2-6368-470E-B9E6-21664D9A818A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3250073F-325A-4AFC-892F-F2005E3854A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0DDDC9C2-33D6-4123-9ABC-C9B809A6E88E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:flexcube_investor_servicing:14.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"524429D6-8AF1-4713-A9B8-678B50A3762F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:flexcube_investor_servicing:14.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED21B958-0FD0-4697-9CE2-266DEE4E29DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6762F207-93C7-4363-B2F9-7A7C6F8AF993\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B74B912-152D-4F38-9FC1-741D6D0B27FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2177A5E9-B260-499E-8D60-920679518425\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6329B1A2-75A8-4909-B4FB-77AC7232B6ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA86EF7E-6162-4244-9C88-7AF5CAB787E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.3.0.1\", \"matchCriteriaId\": \"DE5EA810-3110-4343-9054-0FCFCD608C25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"19.0.0\", \"versionEndExcluding\": \"19.1.0.0.220118\", \"matchCriteriaId\": \"78A48EA9-1CAB-4DD2-9DAD-0213F6EFC48C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"21.0.0\", \"versionEndExcluding\": \"21.5.0.0.220118\", \"matchCriteriaId\": \"71050E24-6915-4B5E-98ED-AFAA6C2FF38B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7BE0590-31BD-4FCD-B50E-A5F86196F99E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"9F300E13-1B40-4B35-ACA5-4D402CD41055\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"B10E38A6-783C-45A2-98A1-12FA1EB3D3AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"21.4\", \"matchCriteriaId\": \"29312DB7-AFD2-459E-A166-95437ABED12C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:health_sciences_clinical_development_analytics:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E45ADE3-2A3D-4FCA-BCDF-D0CC6CE0A23C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:health_sciences_inform_crf_submit:6.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB8797ED-52E7-47B6-9F78-E2402671CCAC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:health_sciences_information_manager:3.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97C10FBE-FD9A-4739-9303-5B6FC7551D66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:health_sciences_information_manager:3.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF45C905-9EFF-4108-9B70-9FFDDD6627A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:healthcare_data_repository:7.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E03F5DEF-DDD7-4C8C-90EF-7E4BCDEFE34B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"66C673C4-A825-46C0-816B-103E1C058D03\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA92E70A-2249-4144-B0B8-35501159ADB3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.3.0.0\", \"versionEndIncluding\": \"7.3.0.2\", \"matchCriteriaId\": \"F88FB6C5-D797-4017-A285-D3BB24B55429\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndIncluding\": \"8.0.2\", \"matchCriteriaId\": \"D747A956-40A6-47D8-A813-FA4E13CB557F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E67501BE-206A-49FD-8CBA-22935DF917F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:healthcare_foundation:8.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F04B1BA-EA84-4AA3-B208-DECC33E192EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"523391D8-CB84-4EBD-B337-6A99F52E537F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"05F5B430-8BA1-4865-93B5-0DE89F424B53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_opera_5_property_services:5.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0C177E1-66B8-4AB7-A3F0-B6CCDCC28F75\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCBF2756-B831-4E6E-A15B-2A11DD48DB7C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBDA65DE-5727-49DC-8D50-DA81DB3E8841\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_suite8:8.11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A577DCD3-6730-441A-B3BD-6199483FB1E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_suite8:8.12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"577A07A9-DBB1-49E6-B2CC-60B917097472\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4833DCA-FC54-4F89-B2DF-8E39C9C49DF6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD7E9060-BA5B-4682-AC0D-EE5105AD0332\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFC79B17-E9D2-44D5-93ED-2F959E7A3D43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD04BEE5-E9A8-4584-A68C-0195CE9C402C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hyperion_financial_management:11.1.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49706536-CE9B-4713-8460-CC961B50C341\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hyperion_financial_management:11.2.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6F77F79-5E93-4FC2-84F2-26AF52B4C08A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hyperion_ilearning:6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"781049BF-3467-4DB5-89D4-6A76984E0261\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hyperion_ilearning:6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"058F9FC3-CA81-43BF-B083-DA8BE388E00A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52C13DE5-CA3C-414F-8813-BB0847433151\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F69B9A5-F21B-4904-9F27-95C0F7A628E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_data_gateway:11.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD4EE554-DFE7-4C16-BC98-574DC97FC85C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_data_gateway:11.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE4160ED-75F2-4499-AC6C-90CD092A46E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_data_gateway:11.2.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F03BFDA-6904-42D7-8170-D6FD143BB16C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_data_gateway:11.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32EE6974-6E2E-4DE8-9F2B-8FE0FCEFECFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_data_gateway:11.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C85900AC-11DA-4FA8-A1E0-270240BF4B0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.4.0\", \"versionEndIncluding\": \"5.6.0\", \"matchCriteriaId\": \"87B4051B-EB98-4D10-99D9-F15B44DBC7F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"428D2B1D-CFFD-49D1-BC05-2D85D22004DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F89EC4B-6D34-40F0-B7C6-C03D03F81C13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"00C9E689-ED91-4A9D-B9C0-5BF4EC131409\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_policy_administration:11.2.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7EFA1879-0BF9-4493-9145-15100BC38C0A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF958C28-4289-4433-8CD9-B6551F01926F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57E9FC66-F6A0-4FB0-8D92-2C9B9E3F2184\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.1.0\", \"versionEndIncluding\": \"11.3.0\", \"matchCriteriaId\": \"48261B54-471D-4C03-AFF9-6F2EA8FA8EBB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64D4B80E-2B67-4BDC-9A3A-7BFDA171016A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33E0F28C-1FF3-4E12-AAE4-A765F4F81EC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A570E5E-A3BC-4E19-BC44-C28D8BC9A537\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.1.0\", \"versionEndIncluding\": \"11.3.0\", \"matchCriteriaId\": \"5DEAB5CD-4223-4A43-AB9E-486113827A6C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AEDF91E2-E7B5-40EE-B71F-C7D59F4021BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A94F93C-5828-4D78-9C48-20AC17E72B8E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3E25293-CB03-44CE-A8ED-04B3A0487A6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_rules_palette:11.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2B51896-E4DA-4FDA-979F-481FFB3E588A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:java_se:7u321:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F0BF15F-D4D2-4A88-BA15-79B624C4AC7D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:java_se:8u311:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D63E2911-7DA8-41AC-AB7A-1AA29076F69F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:java_se:17.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"674AFFA3-E9BA-4AFD-9A73-2A4A9DE427E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.2.6.1\", \"matchCriteriaId\": \"65D65139-BB80-4713-8E59-6CA1116DCC1D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7F43D86-B696-41E4-A288-6A2D43A1774A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2E3E923-E2AD-400D-A618-26ADF7F841A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9AB58D27-37F2-4A32-B786-3490024290A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.4.34\", \"matchCriteriaId\": \"AC7290F2-AF21-49B9-B3EF-869B7DE1A2AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.5.0\", \"versionEndExcluding\": \"7.5.24\", \"matchCriteriaId\": \"00D3ECDE-287B-4336-898A-0DFEBE2AB6C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.6.0\", \"versionEndExcluding\": \"7.6.20\", \"matchCriteriaId\": \"105CBFD5-20DF-4BF0-9629-B87AF404E33D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndExcluding\": \"8.0.27\", \"matchCriteriaId\": \"E248F8CE-5B39-457D-A47E-620858340840\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.0.27\", \"matchCriteriaId\": \"9CD3AAAD-5F6E-4A3C-9CFC-EC4866628ABD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql_connectors:8.0.27:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E1912FB-8ABF-4640-92E7-367A4923267C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.7.36\", \"matchCriteriaId\": \"2C9E5736-6015-499E-A452-227DCFB87DA7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndExcluding\": \"8.0.27\", \"matchCriteriaId\": \"F2B0D740-75B1-4953-A99F-965F999FDC64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql_server:5.7.36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3F3390B-4081-473F-A5E0-B5E3A3888F04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.0.27\", \"matchCriteriaId\": \"3C56CECB-6B97-406C-8761-8B7F74CA7DEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"21.1.12\", \"matchCriteriaId\": \"7167D144-C4AE-487F-B59A-888E10EA59DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.12.42\", \"matchCriteriaId\": \"71CB79ED-A93E-4CBD-BCDD-82C5A00B373B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_cs_sa_integration_pack:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4859861-C2EC-489F-A3B7-ACF85C709C24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_cs_sa_integration_pack:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"247C0D05-C76B-44BC-8750-C716FF980D70\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_people_tools:8.57:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2CB2872-747C-47AC-8463-DD759BF105B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_people_tools:8.58:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DBC53C9-75EC-46F7-907D-63BB74864CD6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_people_tools:8.59:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D370F2E3-EF8A-440C-8319-D52FA3431428\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E1E416B-920B-49A0-9523-382898C2979D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.2.0\", \"versionEndIncluding\": \"12.2.24\", \"matchCriteriaId\": \"F47057A9-2DDE-4178-B140-F7D70EAED8F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D8B3B57-73D6-4402-987F-8AE723D52F94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_analytics:18.8.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA9948AB-0CA6-4148-949C-E500466B45F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_analytics:19.12.11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56D17905-5E69-4BD5-973B-30662AC3D678\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_analytics:20.12.12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70E72A74-F6A9-48EE-9279-3D9E53C2EC30\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_data_warehouse:18.8.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F14C6AB5-CC45-4753-A60F-1F527B063127\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_data_warehouse:19.12.11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"583BBDF1-DBE4-486D-ABF8-7D2B0408490A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_data_warehouse:20.12.12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9810151-6F80-48FD-A51E-F063EB2B7324\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.12.0\", \"versionEndIncluding\": \"17.12.11\", \"matchCriteriaId\": \"8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"18.8.0\", \"versionEndIncluding\": \"18.8.13\", \"matchCriteriaId\": \"A621A5AE-6974-4BA5-B1AC-7130A46F68F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"19.12.0\", \"versionEndIncluding\": \"19.12.12\", \"matchCriteriaId\": \"4096281D-2EBA-490D-8180-3C9D05EB890A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.12.0\", \"versionEndIncluding\": \"20.12.7\", \"matchCriteriaId\": \"E6B70E72-B9FC-4E49-8EDD-29C7E14F5792\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15F45363-236B-4040-8AE4-C6C0E204EDBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.12.0.0\", \"versionEndIncluding\": \"17.12.0.0-17.12.20.0\", \"matchCriteriaId\": \"DAB9BA0D-7149-4221-A5AE-D4664E11C86F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"18.8.0.0\", \"versionEndIncluding\": \"18.8.24.0\", \"matchCriteriaId\": \"CFE4EAC8-A743-4658-AD72-088A5E747180\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"19.12.0.0\", \"versionEndIncluding\": \"19.12.18.0\", \"matchCriteriaId\": \"AD0DEC50-F4CD-4ACA-A118-D4F0D4F4C981\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.12.0.0\", \"versionEndIncluding\": \"20.12.12.0\", \"matchCriteriaId\": \"651104CE-0569-4E6D-ACAB-AD2AC85084DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45D89239-9142-46BD-846D-76A5A74A67B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.12.0.0\", \"versionEndIncluding\": \"17.12.20.0\", \"matchCriteriaId\": \"E867F5E0-48A0-4D84-A0CA-A428FB2264D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"18.8.0.0\", \"versionEndIncluding\": \"18.8.24.0\", \"matchCriteriaId\": \"05B3FCDE-7EF8-49CA-9C09-9033E5D7B91E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"19.12.0.0\", \"versionEndIncluding\": \"19.12.17.0\", \"matchCriteriaId\": \"05848067-59FF-4C90-A8BA-D1E4311B3A82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.12.0.0\", \"versionEndIncluding\": \"20.12.9.0\", \"matchCriteriaId\": \"DC6AD8C8-96ED-4CFB-9953-99139FABCE35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_portfolio_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"18.0.0.0\", \"versionEndIncluding\": \"18.0.3.0\", \"matchCriteriaId\": \"F67F218D-E827-482B-8417-483713F31D69\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_portfolio_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"19.0.0.0\", \"versionEndIncluding\": \"19.0.1.2\", \"matchCriteriaId\": \"0ADB354B-AD0D-4EFA-B7C6-71A35FA0AFF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_portfolio_management:20.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"53B3B01A-532C-45B7-9BFC-19AABF55644B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_portfolio_management:20.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"683ABA64-9F16-4C23-8AF3-BB0C19FED9B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.7\", \"versionEndIncluding\": \"17.12\", \"matchCriteriaId\": \"08FA59A8-6A62-4B33-8952-D6E658F8DAC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"202AD518-2E9B-4062-B063-9858AE1F9CE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10864586-270E-4ACF-BDCC-ECFCD299305F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38340E3C-C452-4370-86D4-355B6B4E0A06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9C55C69-E22E-4B80-9371-5CD821D79FE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:rapid_planning:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.2.6\", \"versionEndIncluding\": \"12.2.11\", \"matchCriteriaId\": \"CE004F32-F4DA-45A8-AD11-8924C4F1076A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:real-time_decision_server:3.2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C914A8CA-352B-4B02-8A2F-D5A6EC04AF53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CADD7026-EF85-40A5-8563-7A34C6941B1F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58F019E8-F68D-41B5-9480-0A81616F2E7C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:rest_data_services:21.2.4:*:*:*:-:*:*:*\", \"matchCriteriaId\": \"12F5FDCF-EA13-44F1-B3D8-94310CD3841C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_allocation:14.1.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51E83F05-B691-4450-BCA9-32209AEC4F6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_allocation:15.0.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"288235F9-2F9E-469A-BE14-9089D0782875\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_allocation:16.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6672F9C1-DA04-47F1-B699-C171511ACE38\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_allocation:19.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11E57939-A543-44F7-942A-88690E39EABA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.0.0\", \"versionEndIncluding\": \"16.0.2\", \"matchCriteriaId\": \"90D4D479-0294-4F31-B719-8544C8DC4554\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48C9BD8E-7214-4B44-B549-6F11B3EA8A04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0735989-13BD-40B3-B954-AC0529C5B53D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58405263-E84C-4071-BB23-165D49034A00\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_customer_insights:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.0.0\", \"versionEndIncluding\": \"16.0.2\", \"matchCriteriaId\": \"08DF20EA-D1A6-4437-90F6-C0C40273CE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.0\", \"versionEndIncluding\": \"19.0\", \"matchCriteriaId\": \"B92BB355-DB00-438E-84E5-8EC007009576\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3796186-D3A7-4259-846B-165AD9CEB7F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CEDA5540-692D-47DA-9F68-83158D9AE628\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5435583-C454-4AC9-8A35-D2D30EB252EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2140357-503A-4D2A-A099-CFA4DC649E41\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BAE5686-8E11-4EF1-BC7E-5C565F2440C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31FFE404-027E-4B59-B3EF-BD20E1F7EECC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"798E4FEE-9B2B-436E-A2B3-B8AA1079892A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B042849-7EF5-4A5F-B6CD-712C0B8735BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7435071D-0C95-4686-A978-AFC4C9A0D0FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_fiscal_management:14.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5F6FD19-A314-4A1F-96CB-6DB1CED79430\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.0.1\", \"versionEndIncluding\": \"16.0.3\", \"matchCriteriaId\": \"A921C710-1C59-429F-B985-67C0DBFD695E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_integration_bus:13.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40AABFD3-1D0D-4C6B-BA9A-9DA70241B51C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_integration_bus:14.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EEF867A-587A-45E1-B2F6-0B903903F0F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8CFCE558-9972-46A2-8539-C16044F1BAA9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFDF4CB0-4680-449A-8576-915721D59500\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD311C33-A309-44D5-BBFB-539D72C7F8C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A0472632-4104-4397-B619-C4E86A748465\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48E25E7C-F7E8-4739-8251-00ACD11C12FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38E74E68-7F19-4EF3-AC00-3C249EAAA39E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7BD0D41-1BED-4C4F-95C8-8987C98908DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99B5DC78-1C24-4F2B-A254-D833FAF47013\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_point-of-sale:14.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"274999E6-18ED-46F0-8CF2-56374B3DF174\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B1A4F12-3E64-41CF-B2B3-B6AB734B69E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9002379B-4FDA-44F3-98EB-0C9B6083E429\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24A3C819-5151-4543-A5C6-998C9387C8A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"476B038D-7F60-482D-87AD-B58BEA35558E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4FB98961-8C99-4490-A6B8-9A5158784F5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB86C644-7B79-4F87-A06D-C178E8C2B8B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C19C5CC9-544A-4E4D-8F0A-579BB5270F07\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_price_management:14.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E1A9B0C-735A-40B4-901C-663CF5162E96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_price_management:14.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B956113-5B3B-436D-858B-8F29FB304364\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_price_management:14.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0DD7FAB-0E0F-4319-95BF-C90881CE2E7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E8917F6-00E7-47EC-B86D-A3B11D5F0E0D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_price_management:15.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC456422-00B5-498E-A28E-EA834367D943\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFC5F424-119D-4C66-8251-E735EEFBC0BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_price_management:16.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C745606-0EF8-4E57-BFBC-C3FB39CB7E1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDB925C6-2CBC-4D88-B9EA-F246F4F7A206\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.0.1\", \"versionEndIncluding\": \"16.0.3\", \"matchCriteriaId\": \"0CE45891-A6A5-4699-90A6-6F49E60A7987\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_service_backbone:14.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"054F9E62-A6D6-4850-83AD-3628C74A4384\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E702EBED-DB39-4084-84B1-258BC5FE7545\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F7956BF-D5B6-484B-999C-36B45CD8B75B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D14A54A-4B04-41DE-B731-844D8AC3BE23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9DA6B655-A445-42E5-B6D9-70AB1C04774A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_size_profile_optimization:16.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74ACC94B-4A9F-451D-B639-6008A108BDDC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48EFC111-B01B-4C34-87E4-D6B2C40C0122\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"073FEA23-E46A-4C73-9D29-95CFF4F5A59D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A69FB468-EAF3-4E67-95E7-DF92C281C1F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"667A06DE-E173-406F-94DA-1FE64BCFAE18\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77E39D5C-5EFA-4FEB-909E-0A92004F2563\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06816711-7C49-47B9-A9D7-FB18CC3F42F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8929B61-16EC-4FE0-98A5-1CC7CC7FD9CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:siebel_applications:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"21.12\", \"matchCriteriaId\": \"6CA63BB4-27A9-4B26-B01C-1F527C7B9454\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:spatial_studio:21.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D926BD38-E66E-41DA-9F65-40D68F8D8890\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:thesaurus_management_system:5.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"01E3B232-073E-433B-977A-1742B75109B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:thesaurus_management_system:5.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F6FDC33-D57E-4C6A-B633-BFC587147037\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:thesaurus_management_system:5.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3B01572-9D32-44B2-8FCF-C282C887DB51\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.2.2.8.27\", \"matchCriteriaId\": \"513AE97F-161C-43D2-B2D1-653125A9E920\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"21.0.0\", \"versionEndExcluding\": \"21.1.1.1.0\", \"matchCriteriaId\": \"34656ECE-15CB-495C-8573-7C98B383F15B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.3.0.1.0\", \"versionEndIncluding\": \"4.3.0.6.0\", \"matchCriteriaId\": \"51309958-121D-4649-AB9A-EBFA3A49F7CB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5435B365-BFF3-4A9E-B45C-42D8F1E20FB7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F906F04-39E4-4BE4-8A73-9D058AAADB43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B393A82-476A-4270-A903-38ED4169E431\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3ED272C-A545-4F8C-86C0-2736B3F2DCAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5B4C338-11E1-4235-9D5A-960B2711AC39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C93F84E-9680-44EF-8656-D27440B51698\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.1.32\", \"matchCriteriaId\": \"91A2A4B0-88FC-41D1-8719-4FAABED19F8E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6A4F71A-4269-40FC-8F61-1D1301F2B728\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A502118-5B2B-47AE-82EC-1999BD841103\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C93CC705-1F8C-4870-99E6-14BF264C3811\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F14A818F-AA16-4438-A3E4-E64C9287AC66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04BCDC24-4A21-473C-8733-0D9CFB38A752\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3E503FB-6279-4D4A-91D8-E237ECF9D2B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:zfs_storage_application_integration_engineering_software:1.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB85582D-0106-47F1-894F-0BC4FF0B5462\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7569C0BD-16C1-441E-BAEB-840C94BE73EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"964B57CD-CB8A-4520-B358-1C93EC5EF2DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E8C192B-8044-4BF9-9F1F-57371FC0E8FD\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:oracle:fujitsu_m10-1_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DB505EC-A54C-4033-B3A6-24CEF87A855D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:oracle:fujitsu_m10-1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F63BFBA-A4D8-43D1-A13E-DEED6AEF596B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:oracle:fujitsu_m10-4_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4A48DA6-C5A5-4B3D-B43B-31380223A55A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:oracle:fujitsu_m10-4:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4BB5347-D09D-4FC5-9F1C-7F3E036C18AD\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:oracle:fujitsu_m10-4s_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB27AABE-079B-4DF0-ABEF-0D3329685B1E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:oracle:fujitsu_m10-4s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"529D4274-F33B-47C7-A3FB-6F86096FD955\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:oracle:fujitsu_m12-1_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D2D622F-E345-4A4D-861F-6460DF56880C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:oracle:fujitsu_m12-1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A534E662-66B7-448B-A763-6B043112C877\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:oracle:fujitsu_m12-2_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCBEE0C8-CC99-4A25-9342-208D4DB91AAD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:oracle:fujitsu_m12-2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95541D18-5C33-49E9-924D-0B21162EC2C4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:oracle:fujitsu_m12-2s_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE5C60CD-F890-4E3F-A2C3-9153591E7647\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:oracle:fujitsu_m12-2s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22FD4F61-0A4F-4C74-A852-B1CD3639E1D8\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotaci\\u00f3n del validador SafeHtml no puede sanear apropiadamente las cargas \\u00fatiles que consisten en c\\u00f3digo potencialmente malicioso en los comentarios e instrucciones HTML. Esta vulnerabilidad puede resultar en un ataque de tipo XSS.\"}]",
"id": "CVE-2019-10219",
"lastModified": "2024-11-21T04:18:40.947",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV30\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 2.5}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2019-11-08T15:15:11.157",
"references": "[{\"url\": \"https://access.redhat.com/errata/RHSA-2020:0159\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0160\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0161\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0164\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0445\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220210-0024/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0159\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0160\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0161\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0164\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0445\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220210-0024/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-10219\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2019-11-08T15:15:11.157\",\"lastModified\":\"2025-07-07T14:15:21.437\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotaci\u00f3n del validador SafeHtml no puede sanear apropiadamente las cargas \u00fatiles que consisten en c\u00f3digo potencialmente malicioso en los comentarios e instrucciones HTML. Esta vulnerabilidad puede resultar en un ataque de tipo XSS.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:hibernate_validator:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.0.18\",\"matchCriteriaId\":\"552F082C-38E5-49A9-A451-71B6ECAF21B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A82A1C19-F8AE-4DA9-891D-247F07D57605\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E38B943A-B167-4EAD-9308-47FF525BE57A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha3:*:*:*:*:*:*\",\"matchCriteriaId\":\"6766965C-2991-4559-975B-9E864DF8F10D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6CD7403-23C7-488F-84EC-1F0C675E87D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha5:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0033893-4CA9-41F4-8FF0-3BE20F5BE1C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha6:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEB7C69E-FA13-43AB-89AD-FE1E4687E02A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"077732DB-F5F3-4E9C-9AC0-8142AB85B32F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*\",\"matchCriteriaId\":\"2BF03A52-4068-47EA-8846-1E5FB708CE1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*\",\"matchCriteriaId\":\"B8423D7F-3A8F-4AD8-BF51-245C9D8DD816\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:*\",\"matchCriteriaId\":\"ADB40F59-CAAE-47D6-850C-12619D8D5B34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*\",\"matchCriteriaId\":\"341E6313-20D5-44CB-9719-B20585DC5AD6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C3AA5CE-9ACB-4E96-A4C1-50A662D641FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4911A72-5FAE-47C5-A141-2E3CA8E1CCAB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*\",\"matchCriteriaId\":\"F3E0B672-3E06-4422-B2A4-0BD073AEC2A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"B55E8D50-99B4-47EC-86F9-699B67D473CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDAC85F0-93AF-4BE3-AE1A-8ADAF1CDF9AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"DC01D8F3-291A-44E5-99C1-6771F6656E0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:element:-:*:*:*:*:vcenter_server:*:*\",\"matchCriteriaId\":\"5E1DE4F5-9094-4C73-AA1B-5C902F38DD24\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:access_manager:11.1.2.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DEAFEDC-2D0F-4A5F-99A0-BD41DD6DC017\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:access_manager:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A287FA5D-D7D9-40B4-8DB2-1D7CE1808408\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20EB3430-0FF2-4668-BB20-A5611ACC73F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80C9DBB8-3D50-4D5D-859A-B022EB7C2E64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D14ABF04-E460-4911-9C6C-B7BCEFE68E9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C650FEDB-E903-4C2D-AD40-282AB5F2E3C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"432BFCF5-A5DC-487C-A111-DE70AB3FCDAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*\",\"matchCriteriaId\":\"5B62CB3B-FDDF-4AFF-A47E-6ADE6504D451\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:airlines_data_model:12.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06480458-3216-4C42-9270-F68A41EEC147\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:airlines_data_model:12.2.0.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"480BF1CB-11D7-4D86-A99E-960F316F2E1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_express:21.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB124AD9-8000-449B-8219-0FF011F86B03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_performance_management:13.4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F84E5662-0289-4ED5-A112-BC506508216C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_performance_management:13.5.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD312681-73A4-4B21-BDE8-50DED7E3E0CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A125E817-F974-4509-872C-B71933F42AD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:argus_analytics:8.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC3D0C4E-0B40-4ACF-BD9E-104CC1D77521\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:argus_analytics:8.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E67940FD-3BA7-40A8-8E40-44B37D23E2DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:argus_analytics:8.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE6EB4DE-33DA-4810-96BD-29C82B433714\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:argus_analytics:8.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C446826-EF5B-4937-ADB4-1102F9F39304\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:argus_insight:8.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7FCB446-49A7-48B9-8808-E72A4E2E48C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:argus_insight:8.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E9B2F53-257E-49E2-83C3-0840BDB4D67C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:argus_insight:8.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CF34B1B-0FC0-4EA6-830D-D2191337D451\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:argus_safety:8.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09B79608-5D94-45C3-ADF0-B181B92C3014\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:argus_safety:8.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F05D844-38BD-4EEB-AF91-E5ED18B1E7E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:argus_safety:8.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25193811-46CE-4A0E-B22D-67BE99FAD450\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_apis:18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"869D51B3-FB50-4BD6-8A0C-D0984267525F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_apis:18.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08B8F413-2000-493B-82B1-BEFE343BB8C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_apis:18.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"042269E6-D3B4-4867-86FA-9301FACA9FF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF34B11F-3DE1-4C22-8EB1-AEE5CE5E4172\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86F03B63-F922-45CD-A7D1-326DB0042875\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CBFC93F-8B39-45A2-981C-59B187169BD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0843465C-F940-4FFC-998D-9A2668B75EA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F834ACC-D65B-4CA3-91F1-415CBC6077E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:17.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"560F20E6-AEA1-4CE5-A393-C9B2CF334C5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBE7BF09-B89C-4590-821E-6C0587E096B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7231D2D-4092-44F3-B60A-D7C9ED78AFDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18127694-109C-4E7E-AE79-0BA351849291\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D6895A6-511A-4DC6-9F9B-58E05B86BDB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_enterprise_default_management:2.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E60C0966-BF0D-4D18-B09B-5D0BB96DBFF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0FCD3BC-33D8-49D1-844B-6B9DE0CA4997\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"473749BD-267E-480F-8E7F-C762702DB66E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74C7E2F1-17FC-4322-A5C3-F7EB612BA4F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"320D36DA-D99F-4149-B582-3F4AB2F41A1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_enterprise_default_managment:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3.0\",\"versionEndIncluding\":\"2.4.0\",\"matchCriteriaId\":\"05E4EB25-7B7A-4A10-A535-8C7CA4D6FEB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E502A46-BAF4-4558-BC8F-9F014A2FB26A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C542DC5E-6657-4178-9C69-46FD3C187D56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3.0\",\"versionEndIncluding\":\"2.4.1\",\"matchCriteriaId\":\"6D0F559E-0790-461B-ACED-5B00F4D40893\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"132CE62A-FBFC-4001-81EC-35D81F73AF48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"282150FF-C945-4A3E-8A80-E8757A8907EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"645AA3D1-C8B5-4CD2-8ACE-31541FA267F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CD806C1-CC17-47BD-8BB0-9430C4253BC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:bi_publisher:11.1.1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C83DA9A0-2EBC-4298-8412-1A7C4DC88C2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DC56004-4497-4CDD-AE76-5E3DFAE170F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"274A0CF5-41E8-42E0-9931-F7372A65B9C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEF828F5-C666-40DA-98DD-CDF658D7090B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA8461A2-428C-4817-92A9-0C671545698D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"D40AD626-B23A-44A3-A6C0-1FFB4D647AE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"B602F9E8-1580-436C-A26D-6E6F8121A583\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"77C3DD16-1D81-40E1-B312-50FBD275507C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"81DAC8C0-D342-44B5-9432-6B88D389584F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E869C417-C0E6-4FC3-B406-45598A1D1906\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:clinical:5.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B2CEA84-0983-4C40-B923-99244ABCF32D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:clinical:5.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FD798A8-38B7-42C1-9043-863D16CE7ACA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A3622F5-5976-4BBC-A147-FC8A6431EA79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.3.0\",\"versionEndIncluding\":\"11.3.2\",\"matchCriteriaId\":\"F012E976-E219-46C2-8177-60ED859594BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_application_session_controller:3.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"787E2C1B-9BAD-4018-8495-E9BE75628BB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0111372-B39F-4B3D-8136-44C2C1CFD12B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B465F237-0271-4389-8035-89C07A52350D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A9E4125-B744-4A9D-BFE6-5D82939958FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"261212BD-125A-487F-97E8-A9587935DFE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_calendar_server:8.0.0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4063FAD6-21D4-42C7-87C0-D299532E0982\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_calendar_server:8.0.0.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6E8A8C3-253A-4BDD-9AD2-4445DC387B4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98FB24DB-AF91-48D0-9CA5-C8250D183FD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"868E7C46-7E45-4CFA-8A25-7CBFED912096\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6B6FE82-7BFA-481D-99D6-789B146CA18B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_console:1.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC12B43F-30F6-4B05-AB3A-E91D8404D5A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D423B62-8EFE-4EFD-A986-5F5ECE5B892F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E463039-5E48-4AA0-A42B-081053FA0111\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4479F76A-4B67-41CC-98C7-C76B81050F8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAEB09CA-9352-43CD-AF66-92BE416E039C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45E5C9B0-AB25-4744-88E4-FD0C4A853001\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A442DA9E-FF9A-4C51-9D3E-68D09C8BB472\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AB059F2-FEC4-4180-8A90-39965495055E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A276784-877B-4A29-A8F1-70518A438A9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_contacts_server:8.0.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59275C23-53C0-4890-A941-A71226B50CFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0535B116-57D6-4448-86A2-09BCE50894B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DF939F5-C0E1-40A4-95A2-0CE7A03AB4EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.1.0.0\",\"versionEndIncluding\":\"12.0.4.0.0\",\"matchCriteriaId\":\"0172500D-DE51-44E0-91E8-C8F36617C1F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E99E7D49-AE53-4D16-AB24-EBEAAD084289\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_data_model:11.3.2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69C215AB-25B4-47A6-AD6A-A60D2C0FF72F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_data_model:11.3.2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E77E48F-1521-4C89-A5D0-A7F0A8D21AD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_data_model:11.3.2.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F88A2F3-E201-4C68-8D11-0A5C76CDB071\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_data_model:12.1.0.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBD877F8-E6EF-4314-AAC0-36F81F4908DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_data_model:12.1.2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D7356B6-E197-4978-BF18-2CFD4D350A76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_design_studio:7.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93BE4838-1144-4A6A-ABDB-F2766E64C91C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B54457C-8305-4F82-BE1E-DBA030A8E676\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_design_studio:7.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C756C62B-E655-4770-8E85-B1995889E416\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_design_studio:7.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93F65B4C-59D5-450A-9955-7FDA32252B0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A67AA54B-258D-4D09-9ACB-4085E0B3E585\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0.0\",\"versionEndIncluding\":\"8.5.1.0\",\"matchCriteriaId\":\"A6BD600E-F3E9-40CE-9414-1D4506ACC1D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1\",\"versionEndIncluding\":\"16.4\",\"matchCriteriaId\":\"95A3E946-BBD5-4BCB-B864-FB3BF5DE56D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4A94B36-479F-48F2-9B9E-ACEA2589EF48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46E23F2E-6733-45AF-9BD9-1A600BD278C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E812639B-EE28-4C68-9F6F-70C8BF981C86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1214FDF-357A-4BB9-BADE-50FB2BD16D10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64BCB9E3-883D-4C1F-9785-2E182BA47B5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.1.0.0\",\"versionEndIncluding\":\"12.0.4.0.0\",\"matchCriteriaId\":\"26940103-F37C-4FBD-BDFD-528A497209D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB9047B1-DA8C-4BFD-BE41-728BD7ECF3E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B21E6EEF-2AB7-4E96-B092-1F49D11B4175\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A23B00C1-878A-4B55-B87B-EFFFA6A5E622\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F545DFC9-F331-4E1D-BACB-3D26873E5858\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B98BAEB2-A540-4E8A-A946-C4331B913AFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8FBE260-E306-4215-80C0-D2D27CA43E0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7B49D71-6A31-497A-B6A9-06E84F086E7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A28F42F0-FBDA-4574-AD30-7A04F27FEA3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6235EAE-47DD-4292-9941-6FF8D0A83843\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"062E4E7C-55BB-46F3-8B61-5A663B565891\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B9F6415-2950-49FE-9CAF-8BCA4DB6DF4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C05190B9-237F-4E2E-91EA-DB1B738864AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C416FD3-2E2F-4BBC-BD5F-F896825883F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D886339E-EDB2-4879-BD54-1800E4CA9CAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05AD47CC-8A6D-4AEC-B23E-701D3D649CC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17A91FD9-9F77-42D3-A4D9-48BC7568ADE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"539DA24F-E3E0-4455-84C6-A9D96CD601B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7637F8B-15F1-42E2-BE18-E1FF7C66587D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E43D793A-7756-4D58-A8ED-72DC4EC9CEA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EBC7EB1-FD72-4BFC-92CC-7C8B8E462D7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6814B606-D054-433C-A46E-0F6E338E1C46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F05AF4B-A747-4314-95AE-F8495479AB3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9901F6BA-78D5-45B8-9409-07FF1C6DDD38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FADE563-5AAA-42FF-B43F-35B20A2386C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A7D10EB-D98F-4B80-AB9F-D8A9FC813E1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F3D40B7-925C-413D-AFF3-60BF330D5BC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2204841-585F-40C7-A1D9-C34E612808CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database_server:21c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDB96A21-161F-42A9-9402-FABEC9C0C15A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:demantra_demand_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.2.6\",\"versionEndIncluding\":\"12.2.11\",\"matchCriteriaId\":\"132DE874-6E47-452A-9FDD-27D5A41F046E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.6.0\",\"versionEndIncluding\":\"12.6.4\",\"matchCriteriaId\":\"135D531C-A692-4BE3-AB8C-37BB0D35559A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.2.3\",\"versionEndIncluding\":\"12.2.11\",\"matchCriteriaId\":\"7E6DF81E-E392-49E5-ADF4-510A3737A5CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_communications_broker:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BE83BC6-5A6F-40A1-AAC7-314A575D8E07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36CF85A9-2C29-46E7-961E-8ADD0B5822CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E80555C7-DA1C-472C-9467-19554DCE4476\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E8758C8-87D3-450A-878B-86CE8C9FC140\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B095CC03-7077-4A58-AB25-CC5380CDCE5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7015A8CB-8FA6-423E-8307-BD903244F517\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9A4E206-56C7-4578-AC9C-088B0C8D9CFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.1.2.4.47\",\"matchCriteriaId\":\"C78A7E07-AB08-46C5-942D-B40BBE0C0D06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"21.0\",\"versionEndExcluding\":\"21.3\",\"matchCriteriaId\":\"3197F464-F0A5-4BD4-9068-65CD448D8F4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:essbase:11.1.2.4.47:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"809FD6D6-D05D-4387-A725-F707015DEFBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:essbase_administration_services:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.1.2.4.47\",\"matchCriteriaId\":\"A093A76C-4B2C-4FAD-BFDF-09862F831102\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:essbase_administration_services:11.1.2.4.47:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A1277A9-C49C-4840-A118-986C10A07657\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.7\",\"versionEndIncluding\":\"8.1.1\",\"matchCriteriaId\":\"7EA4D3C5-6A7C-4421-88EF-445A96DBCE0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:7.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03B9F810-EF80-4551-BA6D-027B0B2A787D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47B0A947-E4C8-4C04-AD3B-950E59DF7A0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AC36036-07CE-4903-8FFB-445C6908F0CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"435FDFA1-BF6A-499D-BDB6-88A26648DFD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB3F3F63-9543-4568-BCB1-1CAF88384142\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC0C4CA4-1694-474E-8272-CF96E168D962\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93E953D0-9C0C-4B03-9939-384A1F7E2BC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"767CC73D-2771-4BBC-9D74-4416AEC6BB2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D33B68C6-2A4E-418C-A2BD-43A3CC5D1003\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAE3EA23-045D-474C-ABD8-916930D4E9E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_model_management_and_governance:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.8\",\"versionEndIncluding\":\"8.1.1\",\"matchCriteriaId\":\"0E8FD060-E9A8-499C-87B0-AF7BBED7771F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"B57ECC6E-CC64-4DE7-B657-3BA54EDDFFF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"10BBAD37-51A1-4819-807B-2642E9D4A69C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0A34DF8-72CC-4A8E-84F2-C2DF4A0B9FAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21BE77B2-6368-470E-B9E6-21664D9A818A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3250073F-325A-4AFC-892F-F2005E3854A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DDDC9C2-33D6-4123-9ABC-C9B809A6E88E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:flexcube_investor_servicing:14.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"524429D6-8AF1-4713-A9B8-678B50A3762F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:flexcube_investor_servicing:14.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED21B958-0FD0-4697-9CE2-266DEE4E29DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6762F207-93C7-4363-B2F9-7A7C6F8AF993\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B74B912-152D-4F38-9FC1-741D6D0B27FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2177A5E9-B260-499E-8D60-920679518425\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6329B1A2-75A8-4909-B4FB-77AC7232B6ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA86EF7E-6162-4244-9C88-7AF5CAB787E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.3.0.1\",\"matchCriteriaId\":\"DE5EA810-3110-4343-9054-0FCFCD608C25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.0.0\",\"versionEndExcluding\":\"19.1.0.0.220118\",\"matchCriteriaId\":\"78A48EA9-1CAB-4DD2-9DAD-0213F6EFC48C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"21.0.0\",\"versionEndExcluding\":\"21.5.0.0.220118\",\"matchCriteriaId\":\"71050E24-6915-4B5E-98ED-AFAA6C2FF38B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7BE0590-31BD-4FCD-B50E-A5F86196F99E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"9F300E13-1B40-4B35-ACA5-4D402CD41055\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"B10E38A6-783C-45A2-98A1-12FA1EB3D3AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.4\",\"matchCriteriaId\":\"29312DB7-AFD2-459E-A166-95437ABED12C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_clinical_development_analytics:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E45ADE3-2A3D-4FCA-BCDF-D0CC6CE0A23C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_inform_crf_submit:6.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB8797ED-52E7-47B6-9F78-E2402671CCAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_information_manager:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97C10FBE-FD9A-4739-9303-5B6FC7551D66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_information_manager:3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF45C905-9EFF-4108-9B70-9FFDDD6627A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_data_repository:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E03F5DEF-DDD7-4C8C-90EF-7E4BCDEFE34B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66C673C4-A825-46C0-816B-103E1C058D03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA92E70A-2249-4144-B0B8-35501159ADB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.3.0.0\",\"versionEndIncluding\":\"7.3.0.2\",\"matchCriteriaId\":\"F88FB6C5-D797-4017-A285-D3BB24B55429\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.0.2\",\"matchCriteriaId\":\"D747A956-40A6-47D8-A813-FA4E13CB557F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E67501BE-206A-49FD-8CBA-22935DF917F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_foundation:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F04B1BA-EA84-4AA3-B208-DECC33E192EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"523391D8-CB84-4EBD-B337-6A99F52E537F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05F5B430-8BA1-4865-93B5-0DE89F424B53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_opera_5_property_services:5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0C177E1-66B8-4AB7-A3F0-B6CCDCC28F75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCBF2756-B831-4E6E-A15B-2A11DD48DB7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBDA65DE-5727-49DC-8D50-DA81DB3E8841\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_suite8:8.11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A577DCD3-6730-441A-B3BD-6199483FB1E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_suite8:8.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"577A07A9-DBB1-49E6-B2CC-60B917097472\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4833DCA-FC54-4F89-B2DF-8E39C9C49DF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD7E9060-BA5B-4682-AC0D-EE5105AD0332\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFC79B17-E9D2-44D5-93ED-2F959E7A3D43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD04BEE5-E9A8-4584-A68C-0195CE9C402C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hyperion_financial_management:11.1.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49706536-CE9B-4713-8460-CC961B50C341\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hyperion_financial_management:11.2.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6F77F79-5E93-4FC2-84F2-26AF52B4C08A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hyperion_ilearning:6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"781049BF-3467-4DB5-89D4-6A76984E0261\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hyperion_ilearning:6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"058F9FC3-CA81-43BF-B083-DA8BE388E00A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52C13DE5-CA3C-414F-8813-BB0847433151\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F69B9A5-F21B-4904-9F27-95C0F7A628E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_data_gateway:11.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD4EE554-DFE7-4C16-BC98-574DC97FC85C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_data_gateway:11.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE4160ED-75F2-4499-AC6C-90CD092A46E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_data_gateway:11.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F03BFDA-6904-42D7-8170-D6FD143BB16C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_data_gateway:11.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32EE6974-6E2E-4DE8-9F2B-8FE0FCEFECFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_data_gateway:11.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C85900AC-11DA-4FA8-A1E0-270240BF4B0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4.0\",\"versionEndIncluding\":\"5.6.0\",\"matchCriteriaId\":\"87B4051B-EB98-4D10-99D9-F15B44DBC7F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"428D2B1D-CFFD-49D1-BC05-2D85D22004DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F89EC4B-6D34-40F0-B7C6-C03D03F81C13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00C9E689-ED91-4A9D-B9C0-5BF4EC131409\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_policy_administration:11.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EFA1879-0BF9-4493-9145-15100BC38C0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF958C28-4289-4433-8CD9-B6551F01926F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57E9FC66-F6A0-4FB0-8D92-2C9B9E3F2184\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.1.0\",\"versionEndIncluding\":\"11.3.0\",\"matchCriteriaId\":\"48261B54-471D-4C03-AFF9-6F2EA8FA8EBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64D4B80E-2B67-4BDC-9A3A-7BFDA171016A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33E0F28C-1FF3-4E12-AAE4-A765F4F81EC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A570E5E-A3BC-4E19-BC44-C28D8BC9A537\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.1.0\",\"versionEndIncluding\":\"11.3.0\",\"matchCriteriaId\":\"5DEAB5CD-4223-4A43-AB9E-486113827A6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEDF91E2-E7B5-40EE-B71F-C7D59F4021BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A94F93C-5828-4D78-9C48-20AC17E72B8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3E25293-CB03-44CE-A8ED-04B3A0487A6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_rules_palette:11.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2B51896-E4DA-4FDA-979F-481FFB3E588A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:java_se:7u321:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F0BF15F-D4D2-4A88-BA15-79B624C4AC7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:java_se:8u311:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D63E2911-7DA8-41AC-AB7A-1AA29076F69F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:java_se:17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"674AFFA3-E9BA-4AFD-9A73-2A4A9DE427E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2.6.1\",\"matchCriteriaId\":\"65D65139-BB80-4713-8E59-6CA1116DCC1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7F43D86-B696-41E4-A288-6A2D43A1774A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2E3E923-E2AD-400D-A618-26ADF7F841A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AB58D27-37F2-4A32-B786-3490024290A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.4.34\",\"matchCriteriaId\":\"AC7290F2-AF21-49B9-B3EF-869B7DE1A2AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.5.0\",\"versionEndExcluding\":\"7.5.24\",\"matchCriteriaId\":\"00D3ECDE-287B-4336-898A-0DFEBE2AB6C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.6.0\",\"versionEndExcluding\":\"7.6.20\",\"matchCriteriaId\":\"105CBFD5-20DF-4BF0-9629-B87AF404E33D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.0.27\",\"matchCriteriaId\":\"E248F8CE-5B39-457D-A47E-620858340840\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.0.27\",\"matchCriteriaId\":\"9CD3AAAD-5F6E-4A3C-9CFC-EC4866628ABD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_connectors:8.0.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E1912FB-8ABF-4640-92E7-367A4923267C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.7.36\",\"matchCriteriaId\":\"2C9E5736-6015-499E-A452-227DCFB87DA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.0.27\",\"matchCriteriaId\":\"F2B0D740-75B1-4953-A99F-965F999FDC64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_server:5.7.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3F3390B-4081-473F-A5E0-B5E3A3888F04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.0.27\",\"matchCriteriaId\":\"3C56CECB-6B97-406C-8761-8B7F74CA7DEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.1.12\",\"matchCriteriaId\":\"7167D144-C4AE-487F-B59A-888E10EA59DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.12.42\",\"matchCriteriaId\":\"71CB79ED-A93E-4CBD-BCDD-82C5A00B373B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_cs_sa_integration_pack:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4859861-C2EC-489F-A3B7-ACF85C709C24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_cs_sa_integration_pack:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"247C0D05-C76B-44BC-8750-C716FF980D70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_people_tools:8.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2CB2872-747C-47AC-8463-DD759BF105B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_people_tools:8.58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DBC53C9-75EC-46F7-907D-63BB74864CD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_people_tools:8.59:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D370F2E3-EF8A-440C-8319-D52FA3431428\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E1E416B-920B-49A0-9523-382898C2979D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.2.0\",\"versionEndIncluding\":\"12.2.24\",\"matchCriteriaId\":\"F47057A9-2DDE-4178-B140-F7D70EAED8F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D8B3B57-73D6-4402-987F-8AE723D52F94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_analytics:18.8.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA9948AB-0CA6-4148-949C-E500466B45F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_analytics:19.12.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56D17905-5E69-4BD5-973B-30662AC3D678\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_analytics:20.12.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70E72A74-F6A9-48EE-9279-3D9E53C2EC30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_data_warehouse:18.8.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14C6AB5-CC45-4753-A60F-1F527B063127\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_data_warehouse:19.12.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"583BBDF1-DBE4-486D-ABF8-7D2B0408490A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_data_warehouse:20.12.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9810151-6F80-48FD-A51E-F063EB2B7324\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.12.0\",\"versionEndIncluding\":\"17.12.11\",\"matchCriteriaId\":\"8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.8.0\",\"versionEndIncluding\":\"18.8.13\",\"matchCriteriaId\":\"A621A5AE-6974-4BA5-B1AC-7130A46F68F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.12.0\",\"versionEndIncluding\":\"19.12.12\",\"matchCriteriaId\":\"4096281D-2EBA-490D-8180-3C9D05EB890A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.12.0\",\"versionEndIncluding\":\"20.12.7\",\"matchCriteriaId\":\"E6B70E72-B9FC-4E49-8EDD-29C7E14F5792\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15F45363-236B-4040-8AE4-C6C0E204EDBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.12.0.0\",\"versionEndIncluding\":\"17.12.0.0-17.12.20.0\",\"matchCriteriaId\":\"DAB9BA0D-7149-4221-A5AE-D4664E11C86F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.8.0.0\",\"versionEndIncluding\":\"18.8.24.0\",\"matchCriteriaId\":\"CFE4EAC8-A743-4658-AD72-088A5E747180\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.12.0.0\",\"versionEndIncluding\":\"19.12.18.0\",\"matchCriteriaId\":\"AD0DEC50-F4CD-4ACA-A118-D4F0D4F4C981\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.12.0.0\",\"versionEndIncluding\":\"20.12.12.0\",\"matchCriteriaId\":\"651104CE-0569-4E6D-ACAB-AD2AC85084DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45D89239-9142-46BD-846D-76A5A74A67B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.12.0.0\",\"versionEndIncluding\":\"17.12.20.0\",\"matchCriteriaId\":\"E867F5E0-48A0-4D84-A0CA-A428FB2264D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.8.0.0\",\"versionEndIncluding\":\"18.8.24.0\",\"matchCriteriaId\":\"05B3FCDE-7EF8-49CA-9C09-9033E5D7B91E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.12.0.0\",\"versionEndIncluding\":\"19.12.17.0\",\"matchCriteriaId\":\"05848067-59FF-4C90-A8BA-D1E4311B3A82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.12.0.0\",\"versionEndIncluding\":\"20.12.9.0\",\"matchCriteriaId\":\"DC6AD8C8-96ED-4CFB-9953-99139FABCE35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.0.0.0\",\"versionEndIncluding\":\"18.0.3.0\",\"matchCriteriaId\":\"F67F218D-E827-482B-8417-483713F31D69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.0.0.0\",\"versionEndIncluding\":\"19.0.1.2\",\"matchCriteriaId\":\"0ADB354B-AD0D-4EFA-B7C6-71A35FA0AFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_portfolio_management:20.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53B3B01A-532C-45B7-9BFC-19AABF55644B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_portfolio_management:20.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"683ABA64-9F16-4C23-8AF3-BB0C19FED9B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.7\",\"versionEndIncluding\":\"17.12\",\"matchCriteriaId\":\"08FA59A8-6A62-4B33-8952-D6E658F8DAC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"202AD518-2E9B-4062-B063-9858AE1F9CE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10864586-270E-4ACF-BDCC-ECFCD299305F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38340E3C-C452-4370-86D4-355B6B4E0A06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9C55C69-E22E-4B80-9371-5CD821D79FE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rapid_planning:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.2.6\",\"versionEndIncluding\":\"12.2.11\",\"matchCriteriaId\":\"CE004F32-F4DA-45A8-AD11-8924C4F1076A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:real-time_decision_server:3.2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C914A8CA-352B-4B02-8A2F-D5A6EC04AF53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CADD7026-EF85-40A5-8563-7A34C6941B1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58F019E8-F68D-41B5-9480-0A81616F2E7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rest_data_services:21.2.4:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"12F5FDCF-EA13-44F1-B3D8-94310CD3841C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_allocation:14.1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51E83F05-B691-4450-BCA9-32209AEC4F6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_allocation:15.0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"288235F9-2F9E-469A-BE14-9089D0782875\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_allocation:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6672F9C1-DA04-47F1-B699-C171511ACE38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_allocation:19.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11E57939-A543-44F7-942A-88690E39EABA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0.0\",\"versionEndIncluding\":\"16.0.2\",\"matchCriteriaId\":\"90D4D479-0294-4F31-B719-8544C8DC4554\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48C9BD8E-7214-4B44-B549-6F11B3EA8A04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0735989-13BD-40B3-B954-AC0529C5B53D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58405263-E84C-4071-BB23-165D49034A00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_insights:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0.0\",\"versionEndIncluding\":\"16.0.2\",\"matchCriteriaId\":\"08DF20EA-D1A6-4437-90F6-C0C40273CE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0\",\"versionEndIncluding\":\"19.0\",\"matchCriteriaId\":\"B92BB355-DB00-438E-84E5-8EC007009576\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3796186-D3A7-4259-846B-165AD9CEB7F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEDA5540-692D-47DA-9F68-83158D9AE628\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5435583-C454-4AC9-8A35-D2D30EB252EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2140357-503A-4D2A-A099-CFA4DC649E41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BAE5686-8E11-4EF1-BC7E-5C565F2440C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31FFE404-027E-4B59-B3EF-BD20E1F7EECC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"798E4FEE-9B2B-436E-A2B3-B8AA1079892A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B042849-7EF5-4A5F-B6CD-712C0B8735BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7435071D-0C95-4686-A978-AFC4C9A0D0FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_fiscal_management:14.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5F6FD19-A314-4A1F-96CB-6DB1CED79430\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0.1\",\"versionEndIncluding\":\"16.0.3\",\"matchCriteriaId\":\"A921C710-1C59-429F-B985-67C0DBFD695E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40AABFD3-1D0D-4C6B-BA9A-9DA70241B51C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:14.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EEF867A-587A-45E1-B2F6-0B903903F0F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CFCE558-9972-46A2-8539-C16044F1BAA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFDF4CB0-4680-449A-8576-915721D59500\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD311C33-A309-44D5-BBFB-539D72C7F8C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0472632-4104-4397-B619-C4E86A748465\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48E25E7C-F7E8-4739-8251-00ACD11C12FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38E74E68-7F19-4EF3-AC00-3C249EAAA39E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7BD0D41-1BED-4C4F-95C8-8987C98908DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99B5DC78-1C24-4F2B-A254-D833FAF47013\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_point-of-sale:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"274999E6-18ED-46F0-8CF2-56374B3DF174\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B1A4F12-3E64-41CF-B2B3-B6AB734B69E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9002379B-4FDA-44F3-98EB-0C9B6083E429\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24A3C819-5151-4543-A5C6-998C9387C8A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"476B038D-7F60-482D-87AD-B58BEA35558E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FB98961-8C99-4490-A6B8-9A5158784F5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB86C644-7B79-4F87-A06D-C178E8C2B8B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C19C5CC9-544A-4E4D-8F0A-579BB5270F07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_price_management:14.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E1A9B0C-735A-40B4-901C-663CF5162E96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_price_management:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B956113-5B3B-436D-858B-8F29FB304364\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_price_management:14.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0DD7FAB-0E0F-4319-95BF-C90881CE2E7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E8917F6-00E7-47EC-B86D-A3B11D5F0E0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_price_management:15.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC456422-00B5-498E-A28E-EA834367D943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFC5F424-119D-4C66-8251-E735EEFBC0BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_price_management:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C745606-0EF8-4E57-BFBC-C3FB39CB7E1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDB925C6-2CBC-4D88-B9EA-F246F4F7A206\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0.1\",\"versionEndIncluding\":\"16.0.3\",\"matchCriteriaId\":\"0CE45891-A6A5-4699-90A6-6F49E60A7987\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:14.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"054F9E62-A6D6-4850-83AD-3628C74A4384\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E702EBED-DB39-4084-84B1-258BC5FE7545\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F7956BF-D5B6-484B-999C-36B45CD8B75B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D14A54A-4B04-41DE-B731-844D8AC3BE23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DA6B655-A445-42E5-B6D9-70AB1C04774A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_size_profile_optimization:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74ACC94B-4A9F-451D-B639-6008A108BDDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48EFC111-B01B-4C34-87E4-D6B2C40C0122\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"073FEA23-E46A-4C73-9D29-95CFF4F5A59D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A69FB468-EAF3-4E67-95E7-DF92C281C1F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"667A06DE-E173-406F-94DA-1FE64BCFAE18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77E39D5C-5EFA-4FEB-909E-0A92004F2563\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06816711-7C49-47B9-A9D7-FB18CC3F42F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8929B61-16EC-4FE0-98A5-1CC7CC7FD9CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:siebel_applications:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.12\",\"matchCriteriaId\":\"6CA63BB4-27A9-4B26-B01C-1F527C7B9454\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:spatial_studio:21.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D926BD38-E66E-41DA-9F65-40D68F8D8890\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:thesaurus_management_system:5.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01E3B232-073E-433B-977A-1742B75109B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:thesaurus_management_system:5.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F6FDC33-D57E-4C6A-B633-BFC587147037\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:thesaurus_management_system:5.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3B01572-9D32-44B2-8FCF-C282C887DB51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.2.2.8.27\",\"matchCriteriaId\":\"513AE97F-161C-43D2-B2D1-653125A9E920\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"21.0.0\",\"versionEndExcluding\":\"21.1.1.1.0\",\"matchCriteriaId\":\"34656ECE-15CB-495C-8573-7C98B383F15B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.3.0.1.0\",\"versionEndIncluding\":\"4.3.0.6.0\",\"matchCriteriaId\":\"51309958-121D-4649-AB9A-EBFA3A49F7CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5435B365-BFF3-4A9E-B45C-42D8F1E20FB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F906F04-39E4-4BE4-8A73-9D058AAADB43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B393A82-476A-4270-A903-38ED4169E431\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3ED272C-A545-4F8C-86C0-2736B3F2DCAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5B4C338-11E1-4235-9D5A-960B2711AC39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C93F84E-9680-44EF-8656-D27440B51698\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.1.32\",\"matchCriteriaId\":\"91A2A4B0-88FC-41D1-8719-4FAABED19F8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6A4F71A-4269-40FC-8F61-1D1301F2B728\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A502118-5B2B-47AE-82EC-1999BD841103\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C93CC705-1F8C-4870-99E6-14BF264C3811\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14A818F-AA16-4438-A3E4-E64C9287AC66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04BCDC24-4A21-473C-8733-0D9CFB38A752\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3E503FB-6279-4D4A-91D8-E237ECF9D2B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:zfs_storage_application_integration_engineering_software:1.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB85582D-0106-47F1-894F-0BC4FF0B5462\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7569C0BD-16C1-441E-BAEB-840C94BE73EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"964B57CD-CB8A-4520-B358-1C93EC5EF2DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E8C192B-8044-4BF9-9F1F-57371FC0E8FD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:fujitsu_m10-1_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DB505EC-A54C-4033-B3A6-24CEF87A855D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:oracle:fujitsu_m10-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F63BFBA-A4D8-43D1-A13E-DEED6AEF596B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:fujitsu_m10-4_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4A48DA6-C5A5-4B3D-B43B-31380223A55A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:oracle:fujitsu_m10-4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4BB5347-D09D-4FC5-9F1C-7F3E036C18AD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:fujitsu_m10-4s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB27AABE-079B-4DF0-ABEF-0D3329685B1E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:oracle:fujitsu_m10-4s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"529D4274-F33B-47C7-A3FB-6F86096FD955\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:fujitsu_m12-1_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D2D622F-E345-4A4D-861F-6460DF56880C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:oracle:fujitsu_m12-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A534E662-66B7-448B-A763-6B043112C877\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:fujitsu_m12-2_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCBEE0C8-CC99-4A25-9342-208D4DB91AAD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:oracle:fujitsu_m12-2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95541D18-5C33-49E9-924D-0B21162EC2C4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:fujitsu_m12-2s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE5C60CD-F890-4E3F-A2C3-9153591E7647\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:oracle:fujitsu_m12-2s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22FD4F61-0A4F-4C74-A852-B1CD3639E1D8\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0159\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0160\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0161\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0164\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0445\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Adapted/CVE-2019-10219\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Origin/CVE-2019-10219/exploit\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20220210-0024/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0159\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0160\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0161\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0164\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0445\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56ceee\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Adapted/CVE-2019-10219\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Origin/CVE-2019-10219/exploit\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20220210-0024/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2022-AVI-056
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle WebLogic Server. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle WebLogic Server versions 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 et 14.1.1.0.0",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2022-21371",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21371"
},
{
"name": "CVE-2022-21252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21252"
},
{
"name": "CVE-2020-13956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
},
{
"name": "CVE-2022-21292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21292"
},
{
"name": "CVE-2020-2934",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2934"
},
{
"name": "CVE-2022-21257",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21257"
},
{
"name": "CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"name": "CVE-2022-21347",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21347"
},
{
"name": "CVE-2022-21361",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21361"
},
{
"name": "CVE-2022-21260",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21260"
},
{
"name": "CVE-2022-21258",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21258"
},
{
"name": "CVE-2021-27568",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27568"
},
{
"name": "CVE-2018-1324",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1324"
},
{
"name": "CVE-2022-21259",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21259"
},
{
"name": "CVE-2019-10219",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10219"
},
{
"name": "CVE-2022-21353",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21353"
},
{
"name": "CVE-2022-21306",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21306"
},
{
"name": "CVE-2022-21350",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21350"
},
{
"name": "CVE-2022-21262",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21262"
},
{
"name": "CVE-2021-44832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
},
{
"name": "CVE-2022-21386",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21386"
},
{
"name": "CVE-2022-21261",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21261"
},
{
"name": "CVE-2020-5258",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5258"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-056",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle WebLogic\nServer. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle WebLogic Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2022.html du 18 janvier 2022",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixFMW"
}
]
}
CERTFR-2023-AVI-0648
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits NetApp. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| NetApp | NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S | NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S sans les correctifs de sécurité du 08 août 2023 | ||
| NetApp | Active IQ Unified Manager pour Linux | Active IQ Unified Manager pour Linux sans les correctifs de sécurité du 08 août 2023 | ||
| NetApp | NetApp HCI Baseboard Management Controller (BMC) - H410C | NetApp HCI Baseboard Management Controller (BMC) - H410C sans les correctifs de sécurité du 08 août 2023 | ||
| NetApp | Active IQ Unified Manager pour Microsoft Windows | Active IQ Unified Manager pour Microsoft Windows sans les correctifs de sécurité du 08 août 2023 | ||
| NetApp | Active IQ Unified Manager pour VMware vSphere | Active IQ Unified Manager pour VMware vSphere sans les correctifs de sécurité du 08 août 2023 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023",
"product": {
"name": "NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Active IQ Unified Manager pour Linux sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023",
"product": {
"name": "Active IQ Unified Manager pour Linux",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp HCI Baseboard Management Controller (BMC) - H410C sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023",
"product": {
"name": "NetApp HCI Baseboard Management Controller (BMC) - H410C",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Active IQ Unified Manager pour Microsoft Windows sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023",
"product": {
"name": "Active IQ Unified Manager pour Microsoft Windows",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Active IQ Unified Manager pour VMware vSphere sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023",
"product": {
"name": "Active IQ Unified Manager pour VMware vSphere",
"vendor": {
"name": "NetApp",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-0812",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0812"
},
{
"name": "CVE-2019-10219",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10219"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0648",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nNetApp. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits NetApp",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp ntap-20220210-0024 du 08 ao\u00fbt 2023",
"url": "https://security.netapp.com/advisory/ntap-20220210-0024/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp ntap-20230427-0011 du 08 ao\u00fbt 2023",
"url": "https://security.netapp.com/advisory/ntap-20230427-0011/"
}
]
}
CERTFR-2022-AVI-056
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle WebLogic Server. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle WebLogic Server versions 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 et 14.1.1.0.0",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2022-21371",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21371"
},
{
"name": "CVE-2022-21252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21252"
},
{
"name": "CVE-2020-13956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
},
{
"name": "CVE-2022-21292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21292"
},
{
"name": "CVE-2020-2934",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2934"
},
{
"name": "CVE-2022-21257",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21257"
},
{
"name": "CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"name": "CVE-2022-21347",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21347"
},
{
"name": "CVE-2022-21361",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21361"
},
{
"name": "CVE-2022-21260",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21260"
},
{
"name": "CVE-2022-21258",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21258"
},
{
"name": "CVE-2021-27568",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27568"
},
{
"name": "CVE-2018-1324",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1324"
},
{
"name": "CVE-2022-21259",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21259"
},
{
"name": "CVE-2019-10219",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10219"
},
{
"name": "CVE-2022-21353",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21353"
},
{
"name": "CVE-2022-21306",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21306"
},
{
"name": "CVE-2022-21350",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21350"
},
{
"name": "CVE-2022-21262",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21262"
},
{
"name": "CVE-2021-44832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
},
{
"name": "CVE-2022-21386",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21386"
},
{
"name": "CVE-2022-21261",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21261"
},
{
"name": "CVE-2020-5258",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5258"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-056",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle WebLogic\nServer. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle WebLogic Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2022.html du 18 janvier 2022",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixFMW"
}
]
}
CERTFR-2023-AVI-0648
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits NetApp. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| NetApp | NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S | NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S sans les correctifs de sécurité du 08 août 2023 | ||
| NetApp | Active IQ Unified Manager pour Linux | Active IQ Unified Manager pour Linux sans les correctifs de sécurité du 08 août 2023 | ||
| NetApp | NetApp HCI Baseboard Management Controller (BMC) - H410C | NetApp HCI Baseboard Management Controller (BMC) - H410C sans les correctifs de sécurité du 08 août 2023 | ||
| NetApp | Active IQ Unified Manager pour Microsoft Windows | Active IQ Unified Manager pour Microsoft Windows sans les correctifs de sécurité du 08 août 2023 | ||
| NetApp | Active IQ Unified Manager pour VMware vSphere | Active IQ Unified Manager pour VMware vSphere sans les correctifs de sécurité du 08 août 2023 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023",
"product": {
"name": "NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Active IQ Unified Manager pour Linux sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023",
"product": {
"name": "Active IQ Unified Manager pour Linux",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "NetApp HCI Baseboard Management Controller (BMC) - H410C sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023",
"product": {
"name": "NetApp HCI Baseboard Management Controller (BMC) - H410C",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Active IQ Unified Manager pour Microsoft Windows sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023",
"product": {
"name": "Active IQ Unified Manager pour Microsoft Windows",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Active IQ Unified Manager pour VMware vSphere sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023",
"product": {
"name": "Active IQ Unified Manager pour VMware vSphere",
"vendor": {
"name": "NetApp",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-0812",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0812"
},
{
"name": "CVE-2019-10219",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10219"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0648",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nNetApp. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits NetApp",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp ntap-20220210-0024 du 08 ao\u00fbt 2023",
"url": "https://security.netapp.com/advisory/ntap-20220210-0024/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 NetApp ntap-20230427-0011 du 08 ao\u00fbt 2023",
"url": "https://security.netapp.com/advisory/ntap-20230427-0011/"
}
]
}
BDU:2023-05424
Vulnerability from fstec - Published: 27.03.2019
VLAI Severity ?
Title
Уязвимость валидатора SafeHtml библиотеки Hibernate Validator, позволяющая нарушителю проводить межсайтовые сценарные атаки
Description
Уязвимость валидатора SafeHtml библиотеки Hibernate Validator связана с непринятием мер по защите структуры веб-страницы при обработке HTML-содержимого. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, проводить межсайтовые сценарные атаки
Severity ?
Vendor
Oracle Corp., Сообщество свободного программного обеспечения, Red Hat Inc., ООО «Ред Софт», АО «ИВК», Hibernate
Software Name
WebLogic Server, Debian GNU/Linux, JBoss Enterprise Application Platform, РЕД ОС (запись в едином реестре российских программ №3751), Альт 8 СП (запись в едином реестре российских программ №4305), Hibernate Validator, Red Hat Satellite, Red Hat Data Grid, Red Hat Fuse
Software Version
12.2.1.3.0 (WebLogic Server), 10 (Debian GNU/Linux), 7.2 (JBoss Enterprise Application Platform), 12.2.1.4.0 (WebLogic Server), 7.2 for RHEL 6 (JBoss Enterprise Application Platform), 7.2 for RHEL 7 (JBoss Enterprise Application Platform), 7.2 for RHEL 8 (JBoss Enterprise Application Platform), 14.1.1.0.0 (WebLogic Server), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), - (Альт 8 СП), до 6.0.18 (Hibernate Validator), от 6.1.0 alpha1 до 6.1.0 alpha6 включительно (Hibernate Validator), 6.8 for RHEL 7 (Red Hat Satellite), 13 (Debian GNU/Linux), 7.3.6 (Red Hat Data Grid), 7.8.0 (Red Hat Fuse)
Possible Mitigations
В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года.
Использование рекомендаций:
Для Hibernate Validator:
https://github.com/apache/accumulo/pull/1469
https://github.com/hibernate/hibernate-validator/tags?after=6.1.1.Final
https://hibernate.org/validator/releases/
Для Альт 8 СП:
https://altsp.su/obnovleniya-bezopasnosti/
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2019-10219
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2019-10219
Для программных продуктов Oracle Corp.:
https://www.oracle.com/security-alerts/cpujan2022.html
Для Ред ОС:
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Reference
https://security-tracker.debian.org/tracker/CVE-2019-10219
https://access.redhat.com/security/cve/CVE-2019-10219
https://vuldb.com/ru/?id.145250
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219
https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6@%3Cnotifications.accumulo.apache.org%3E
https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d@%3Cnotifications.accumulo.apache.org%3E
https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf@%3Cnotifications.accumulo.apache.org%3E
https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4@%3Cpluto-scm.portals.apache.org%3E
https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a@%3Cpluto-dev.portals.apache.org%3E
https://security.netapp.com/advisory/ntap-20220210-0024/
https://www.oracle.com/security-alerts/cpujan2022.html
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
CWE
CWE-79
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Oracle Corp., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Red Hat Inc., \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Hibernate",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "12.2.1.3.0 (WebLogic Server), 10 (Debian GNU/Linux), 7.2 (JBoss Enterprise Application Platform), 12.2.1.4.0 (WebLogic Server), 7.2 for RHEL 6 (JBoss Enterprise Application Platform), 7.2 for RHEL 7 (JBoss Enterprise Application Platform), 7.2 for RHEL 8 (JBoss Enterprise Application Platform), 14.1.1.0.0 (WebLogic Server), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 6.0.18 (Hibernate Validator), \u043e\u0442 6.1.0 alpha1 \u0434\u043e 6.1.0 alpha6 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Hibernate Validator), 6.8 for RHEL 7 (Red Hat Satellite), 13 (Debian GNU/Linux), 7.3.6 (Red Hat Data Grid), 7.8.0 (Red Hat Fuse)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f Hibernate Validator:\nhttps://github.com/apache/accumulo/pull/1469\nhttps://github.com/hibernate/hibernate-validator/tags?after=6.1.1.Final\nhttps://hibernate.org/validator/releases/\n\n\u0414\u043b\u044f \u0410\u043b\u044c\u0442 8 \u0421\u041f:\nhttps://altsp.su/obnovleniya-bezopasnosti/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2019-10219\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2019-10219\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle Corp.:\nhttps://www.oracle.com/security-alerts/cpujan2022.html\n\n\u0414\u043b\u044f \u0420\u0435\u0434 \u041e\u0421: \nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "27.03.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "10.09.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "11.09.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-05424",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-10219",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "WebLogic Server, Debian GNU/Linux, JBoss Enterprise Application Platform, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Hibernate Validator, Red Hat Satellite, Red Hat Data Grid, Red Hat Fuse",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 13 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0430\u043b\u0438\u0434\u0430\u0442\u043e\u0440\u0430 SafeHtml \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Hibernate Validator, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0430\u043b\u0438\u0434\u0430\u0442\u043e\u0440\u0430 SafeHtml \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Hibernate Validator \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 HTML-\u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0433\u043e. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://security-tracker.debian.org/tracker/CVE-2019-10219\nhttps://access.redhat.com/security/cve/CVE-2019-10219\nhttps://vuldb.com/ru/?id.145250\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219 \nhttps://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6@%3Cnotifications.accumulo.apache.org%3E \nhttps://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d@%3Cnotifications.accumulo.apache.org%3E \nhttps://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf@%3Cnotifications.accumulo.apache.org%3E \nhttps://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4@%3Cpluto-scm.portals.apache.org%3E \nhttps://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c@%3Cpluto-dev.portals.apache.org%3E\nhttps://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a@%3Cpluto-dev.portals.apache.org%3E \nhttps://security.netapp.com/advisory/ntap-20220210-0024/ \nhttps://www.oracle.com/security-alerts/cpujan2022.html\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-79",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}
FKIE_CVE-2019-10219
Vulnerability from fkie_nvd - Published: 2019-11-08 15:15 - Updated: 2025-07-07 14:15
Severity ?
Summary
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:hibernate_validator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "552F082C-38E5-49A9-A451-71B6ECAF21B2",
"versionEndExcluding": "6.0.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "A82A1C19-F8AE-4DA9-891D-247F07D57605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "E38B943A-B167-4EAD-9308-47FF525BE57A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "6766965C-2991-4559-975B-9E864DF8F10D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "E6CD7403-23C7-488F-84EC-1F0C675E87D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha5:*:*:*:*:*:*",
"matchCriteriaId": "A0033893-4CA9-41F4-8FF0-3BE20F5BE1C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha6:*:*:*:*:*:*",
"matchCriteriaId": "EEB7C69E-FA13-43AB-89AD-FE1E4687E02A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "077732DB-F5F3-4E9C-9AC0-8142AB85B32F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*",
"matchCriteriaId": "2BF03A52-4068-47EA-8846-1E5FB708CE1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*",
"matchCriteriaId": "B8423D7F-3A8F-4AD8-BF51-245C9D8DD816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:*",
"matchCriteriaId": "ADB40F59-CAAE-47D6-850C-12619D8D5B34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*",
"matchCriteriaId": "341E6313-20D5-44CB-9719-B20585DC5AD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3AA5CE-9ACB-4E96-A4C1-50A662D641FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B4911A72-5FAE-47C5-A141-2E3CA8E1CCAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
"matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDAC85F0-93AF-4BE3-AE1A-8ADAF1CDF9AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "DC01D8F3-291A-44E5-99C1-6771F6656E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:element:-:*:*:*:*:vcenter_server:*:*",
"matchCriteriaId": "5E1DE4F5-9094-4C73-AA1B-5C902F38DD24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:access_manager:11.1.2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8DEAFEDC-2D0F-4A5F-99A0-BD41DD6DC017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:access_manager:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A287FA5D-D7D9-40B4-8DB2-1D7CE1808408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20EB3430-0FF2-4668-BB20-A5611ACC73F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "432BFCF5-A5DC-487C-A111-DE70AB3FCDAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*",
"matchCriteriaId": "5B62CB3B-FDDF-4AFF-A47E-6ADE6504D451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:airlines_data_model:12.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06480458-3216-4C42-9270-F68A41EEC147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:airlines_data_model:12.2.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "480BF1CB-11D7-4D86-A99E-960F316F2E1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_express:21.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BB124AD9-8000-449B-8219-0FF011F86B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_performance_management:13.4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F84E5662-0289-4ED5-A112-BC506508216C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_performance_management:13.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD312681-73A4-4B21-BDE8-50DED7E3E0CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:argus_analytics:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3D0C4E-0B40-4ACF-BD9E-104CC1D77521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:argus_analytics:8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E67940FD-3BA7-40A8-8E40-44B37D23E2DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:argus_analytics:8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EE6EB4DE-33DA-4810-96BD-29C82B433714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:argus_analytics:8.21:*:*:*:*:*:*:*",
"matchCriteriaId": "0C446826-EF5B-4937-ADB4-1102F9F39304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:argus_insight:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7FCB446-49A7-48B9-8808-E72A4E2E48C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:argus_insight:8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9B2F53-257E-49E2-83C3-0840BDB4D67C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:argus_insight:8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6CF34B1B-0FC0-4EA6-830D-D2191337D451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:argus_safety:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "09B79608-5D94-45C3-ADF0-B181B92C3014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:argus_safety:8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9F05D844-38BD-4EEB-AF91-E5ED18B1E7E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:argus_safety:8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "25193811-46CE-4A0E-B22D-67BE99FAD450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "869D51B3-FB50-4BD6-8A0C-D0984267525F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08B8F413-2000-493B-82B1-BEFE343BB8C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "042269E6-D3B4-4867-86FA-9301FACA9FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF34B11F-3DE1-4C22-8EB1-AEE5CE5E4172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86F03B63-F922-45CD-A7D1-326DB0042875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBFC93F-8B39-45A2-981C-59B187169BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0843465C-F940-4FFC-998D-9A2668B75EA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F834ACC-D65B-4CA3-91F1-415CBC6077E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "560F20E6-AEA1-4CE5-A393-C9B2CF334C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6895A6-511A-4DC6-9F9B-58E05B86BDB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E60C0966-BF0D-4D18-B09B-5D0BB96DBFF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E0FCD3BC-33D8-49D1-844B-6B9DE0CA4997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "473749BD-267E-480F-8E7F-C762702DB66E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74C7E2F1-17FC-4322-A5C3-F7EB612BA4F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "320D36DA-D99F-4149-B582-3F4AB2F41A1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_managment:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05E4EB25-7B7A-4A10-A535-8C7CA4D6FEB6",
"versionEndIncluding": "2.4.0",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E502A46-BAF4-4558-BC8F-9F014A2FB26A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C542DC5E-6657-4178-9C69-46FD3C187D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D0F559E-0790-461B-ACED-5B00F4D40893",
"versionEndIncluding": "2.4.1",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "282150FF-C945-4A3E-8A80-E8757A8907EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD806C1-CC17-47BD-8BB0-9430C4253BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:bi_publisher:11.1.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C83DA9A0-2EBC-4298-8412-1A7C4DC88C2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC56004-4497-4CDD-AE76-5E3DFAE170F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "274A0CF5-41E8-42E0-9931-F7372A65B9C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF828F5-C666-40DA-98DD-CDF658D7090B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8461A2-428C-4817-92A9-0C671545698D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "D40AD626-B23A-44A3-A6C0-1FFB4D647AE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B602F9E8-1580-436C-A26D-6E6F8121A583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:clinical:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B2CEA84-0983-4C40-B923-99244ABCF32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:clinical:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2FD798A8-38B7-42C1-9043-863D16CE7ACA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F012E976-E219-46C2-8177-60ED859594BE",
"versionEndIncluding": "11.3.2",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "787E2C1B-9BAD-4018-8495-E9BE75628BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0111372-B39F-4B3D-8136-44C2C1CFD12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B465F237-0271-4389-8035-89C07A52350D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A9E4125-B744-4A9D-BFE6-5D82939958FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "261212BD-125A-487F-97E8-A9587935DFE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4063FAD6-21D4-42C7-87C0-D299532E0982",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E8A8C3-253A-4BDD-9AD2-4445DC387B4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98FB24DB-AF91-48D0-9CA5-C8250D183FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "868E7C46-7E45-4CFA-8A25-7CBFED912096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6B6FE82-7BFA-481D-99D6-789B146CA18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC12B43F-30F6-4B05-AB3A-E91D8404D5A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D423B62-8EFE-4EFD-A986-5F5ECE5B892F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E463039-5E48-4AA0-A42B-081053FA0111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DAEB09CA-9352-43CD-AF66-92BE416E039C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45E5C9B0-AB25-4744-88E4-FD0C4A853001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A442DA9E-FF9A-4C51-9D3E-68D09C8BB472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0AB059F2-FEC4-4180-8A90-39965495055E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A276784-877B-4A29-A8F1-70518A438A9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "59275C23-53C0-4890-A941-A71226B50CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0535B116-57D6-4448-86A2-09BCE50894B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DF939F5-C0E1-40A4-95A2-0CE7A03AB4EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0172500D-DE51-44E0-91E8-C8F36617C1F8",
"versionEndIncluding": "12.0.4.0.0",
"versionStartIncluding": "12.0.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E99E7D49-AE53-4D16-AB24-EBEAAD084289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_data_model:11.3.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69C215AB-25B4-47A6-AD6A-A60D2C0FF72F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_data_model:11.3.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E77E48F-1521-4C89-A5D0-A7F0A8D21AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_data_model:11.3.2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F88A2F3-E201-4C68-8D11-0A5C76CDB071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_data_model:12.1.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD877F8-E6EF-4314-AAC0-36F81F4908DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_data_model:12.1.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7356B6-E197-4978-BF18-2CFD4D350A76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "93BE4838-1144-4A6A-ABDB-F2766E64C91C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B54457C-8305-4F82-BE1E-DBA030A8E676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C756C62B-E655-4770-8E85-B1995889E416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93F65B4C-59D5-450A-9955-7FDA32252B0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A67AA54B-258D-4D09-9ACB-4085E0B3E585",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BD600E-F3E9-40CE-9414-1D4506ACC1D8",
"versionEndIncluding": "8.5.1.0",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95A3E946-BBD5-4BCB-B864-FB3BF5DE56D0",
"versionEndIncluding": "16.4",
"versionStartIncluding": "16.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A94B36-479F-48F2-9B9E-ACEA2589EF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "46E23F2E-6733-45AF-9BD9-1A600BD278C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1214FDF-357A-4BB9-BADE-50FB2BD16D10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCB9E3-883D-4C1F-9785-2E182BA47B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26940103-F37C-4FBD-BDFD-528A497209D6",
"versionEndIncluding": "12.0.4.0.0",
"versionStartIncluding": "12.0.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EB9047B1-DA8C-4BFD-BE41-728BD7ECF3E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A23B00C1-878A-4B55-B87B-EFFFA6A5E622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F545DFC9-F331-4E1D-BACB-3D26873E5858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B98BAEB2-A540-4E8A-A946-C4331B913AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FBE260-E306-4215-80C0-D2D27CA43E0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7B49D71-6A31-497A-B6A9-06E84F086E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A28F42F0-FBDA-4574-AD30-7A04F27FEA3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E6235EAE-47DD-4292-9941-6FF8D0A83843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9F6415-2950-49FE-9CAF-8BCA4DB6DF4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C05190B9-237F-4E2E-91EA-DB1B738864AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9C416FD3-2E2F-4BBC-BD5F-F896825883F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D886339E-EDB2-4879-BD54-1800E4CA9CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05AD47CC-8A6D-4AEC-B23E-701D3D649CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0EBC7EB1-FD72-4BFC-92CC-7C8B8E462D7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6814B606-D054-433C-A46E-0F6E338E1C46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F05AF4B-A747-4314-95AE-F8495479AB3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FADE563-5AAA-42FF-B43F-35B20A2386C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A7D10EB-D98F-4B80-AB9F-D8A9FC813E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F3D40B7-925C-413D-AFF3-60BF330D5BC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*",
"matchCriteriaId": "B2204841-585F-40C7-A1D9-C34E612808CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:21c:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB96A21-161F-42A9-9402-FABEC9C0C15A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:demantra_demand_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "132DE874-6E47-452A-9FDD-27D5A41F046E",
"versionEndIncluding": "12.2.11",
"versionStartIncluding": "12.2.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "135D531C-A692-4BE3-AB8C-37BB0D35559A",
"versionEndIncluding": "12.6.4",
"versionStartIncluding": "12.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E6DF81E-E392-49E5-ADF4-510A3737A5CE",
"versionEndIncluding": "12.2.11",
"versionStartIncluding": "12.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_communications_broker:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE83BC6-5A6F-40A1-AAC7-314A575D8E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36CF85A9-2C29-46E7-961E-8ADD0B5822CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E80555C7-DA1C-472C-9467-19554DCE4476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8758C8-87D3-450A-878B-86CE8C9FC140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7015A8CB-8FA6-423E-8307-BD903244F517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9A4E206-56C7-4578-AC9C-088B0C8D9CFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C78A7E07-AB08-46C5-942D-B40BBE0C0D06",
"versionEndExcluding": "11.1.2.4.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3197F464-F0A5-4BD4-9068-65CD448D8F4C",
"versionEndExcluding": "21.3",
"versionStartIncluding": "21.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:essbase:11.1.2.4.47:*:*:*:*:*:*:*",
"matchCriteriaId": "809FD6D6-D05D-4387-A725-F707015DEFBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:essbase_administration_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A093A76C-4B2C-4FAD-BFDF-09862F831102",
"versionEndExcluding": "11.1.2.4.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:essbase_administration_services:11.1.2.4.47:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1277A9-C49C-4840-A118-986C10A07657",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA4D3C5-6A7C-4421-88EF-445A96DBCE0C",
"versionEndIncluding": "8.1.1",
"versionStartIncluding": "8.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:7.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "03B9F810-EF80-4551-BA6D-027B0B2A787D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "47B0A947-E4C8-4C04-AD3B-950E59DF7A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC36036-07CE-4903-8FFB-445C6908F0CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "435FDFA1-BF6A-499D-BDB6-88A26648DFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AB3F3F63-9543-4568-BCB1-1CAF88384142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FC0C4CA4-1694-474E-8272-CF96E168D962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "93E953D0-9C0C-4B03-9939-384A1F7E2BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "767CC73D-2771-4BBC-9D74-4416AEC6BB2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D33B68C6-2A4E-418C-A2BD-43A3CC5D1003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE3EA23-045D-474C-ABD8-916930D4E9E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8FD060-E9A8-499C-87B0-AF7BBED7771F",
"versionEndIncluding": "8.1.1",
"versionStartIncluding": "8.0.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B57ECC6E-CC64-4DE7-B657-3BA54EDDFFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "10BBAD37-51A1-4819-807B-2642E9D4A69C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0A34DF8-72CC-4A8E-84F2-C2DF4A0B9FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21BE77B2-6368-470E-B9E6-21664D9A818A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3250073F-325A-4AFC-892F-F2005E3854A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDDC9C2-33D6-4123-9ABC-C9B809A6E88E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "524429D6-8AF1-4713-A9B8-678B50A3762F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED21B958-0FD0-4697-9CE2-266DEE4E29DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2177A5E9-B260-499E-8D60-920679518425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6329B1A2-75A8-4909-B4FB-77AC7232B6ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA86EF7E-6162-4244-9C88-7AF5CAB787E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE5EA810-3110-4343-9054-0FCFCD608C25",
"versionEndExcluding": "12.3.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A48EA9-1CAB-4DD2-9DAD-0213F6EFC48C",
"versionEndExcluding": "19.1.0.0.220118",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71050E24-6915-4B5E-98ED-AFAA6C2FF38B",
"versionEndExcluding": "21.5.0.0.220118",
"versionStartIncluding": "21.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BE0590-31BD-4FCD-B50E-A5F86196F99E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "9F300E13-1B40-4B35-ACA5-4D402CD41055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29312DB7-AFD2-459E-A166-95437ABED12C",
"versionEndExcluding": "21.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:health_sciences_clinical_development_analytics:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E45ADE3-2A3D-4FCA-BCDF-D0CC6CE0A23C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:health_sciences_inform_crf_submit:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB8797ED-52E7-47B6-9F78-E2402671CCAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97C10FBE-FD9A-4739-9303-5B6FC7551D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF45C905-9EFF-4108-9B70-9FFDDD6627A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_data_repository:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E03F5DEF-DDD7-4C8C-90EF-7E4BCDEFE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66C673C4-A825-46C0-816B-103E1C058D03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BA92E70A-2249-4144-B0B8-35501159ADB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F88FB6C5-D797-4017-A285-D3BB24B55429",
"versionEndIncluding": "7.3.0.2",
"versionStartIncluding": "7.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D747A956-40A6-47D8-A813-FA4E13CB557F",
"versionEndIncluding": "8.0.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E67501BE-206A-49FD-8CBA-22935DF917F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_foundation:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F04B1BA-EA84-4AA3-B208-DECC33E192EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "523391D8-CB84-4EBD-B337-6A99F52E537F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05F5B430-8BA1-4865-93B5-0DE89F424B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_opera_5_property_services:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C177E1-66B8-4AB7-A3F0-B6CCDCC28F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCBF2756-B831-4E6E-A15B-2A11DD48DB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBDA65DE-5727-49DC-8D50-DA81DB3E8841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A577DCD3-6730-441A-B3BD-6199483FB1E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "577A07A9-DBB1-49E6-B2CC-60B917097472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D4833DCA-FC54-4F89-B2DF-8E39C9C49DF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7E9060-BA5B-4682-AC0D-EE5105AD0332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hyperion_financial_management:11.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "49706536-CE9B-4713-8460-CC961B50C341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hyperion_financial_management:11.2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F77F79-5E93-4FC2-84F2-26AF52B4C08A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hyperion_ilearning:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "781049BF-3467-4DB5-89D4-6A76984E0261",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hyperion_ilearning:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "058F9FC3-CA81-43BF-B083-DA8BE388E00A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52C13DE5-CA3C-414F-8813-BB0847433151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_data_gateway:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4EE554-DFE7-4C16-BC98-574DC97FC85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_data_gateway:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4160ED-75F2-4499-AC6C-90CD092A46E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_data_gateway:11.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2F03BFDA-6904-42D7-8170-D6FD143BB16C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_data_gateway:11.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "32EE6974-6E2E-4DE8-9F2B-8FE0FCEFECFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_data_gateway:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C85900AC-11DA-4FA8-A1E0-270240BF4B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87B4051B-EB98-4D10-99D9-F15B44DBC7F0",
"versionEndIncluding": "5.6.0",
"versionStartIncluding": "5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "428D2B1D-CFFD-49D1-BC05-2D85D22004DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0F89EC4B-6D34-40F0-B7C6-C03D03F81C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00C9E689-ED91-4A9D-B9C0-5BF4EC131409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7EFA1879-0BF9-4493-9145-15100BC38C0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF958C28-4289-4433-8CD9-B6551F01926F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57E9FC66-F6A0-4FB0-8D92-2C9B9E3F2184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48261B54-471D-4C03-AFF9-6F2EA8FA8EBB",
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "64D4B80E-2B67-4BDC-9A3A-7BFDA171016A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "33E0F28C-1FF3-4E12-AAE4-A765F4F81EC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A570E5E-A3BC-4E19-BC44-C28D8BC9A537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DEAB5CD-4223-4A43-AB9E-486113827A6C",
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AEDF91E2-E7B5-40EE-B71F-C7D59F4021BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A94F93C-5828-4D78-9C48-20AC17E72B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E25293-CB03-44CE-A8ED-04B3A0487A6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B51896-E4DA-4FDA-979F-481FFB3E588A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:java_se:7u321:*:*:*:*:*:*:*",
"matchCriteriaId": "9F0BF15F-D4D2-4A88-BA15-79B624C4AC7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:java_se:8u311:*:*:*:*:*:*:*",
"matchCriteriaId": "D63E2911-7DA8-41AC-AB7A-1AA29076F69F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:java_se:17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "674AFFA3-E9BA-4AFD-9A73-2A4A9DE427E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65D65139-BB80-4713-8E59-6CA1116DCC1D",
"versionEndExcluding": "9.2.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A7F43D86-B696-41E4-A288-6A2D43A1774A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E3E923-E2AD-400D-A618-26ADF7F841A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9AB58D27-37F2-4A32-B786-3490024290A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7290F2-AF21-49B9-B3EF-869B7DE1A2AC",
"versionEndExcluding": "7.4.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00D3ECDE-287B-4336-898A-0DFEBE2AB6C3",
"versionEndExcluding": "7.5.24",
"versionStartIncluding": "7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "105CBFD5-20DF-4BF0-9629-B87AF404E33D",
"versionEndExcluding": "7.6.20",
"versionStartIncluding": "7.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E248F8CE-5B39-457D-A47E-620858340840",
"versionEndExcluding": "8.0.27",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD3AAAD-5F6E-4A3C-9CFC-EC4866628ABD",
"versionEndExcluding": "8.0.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_connectors:8.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "9E1912FB-8ABF-4640-92E7-367A4923267C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C9E5736-6015-499E-A452-227DCFB87DA7",
"versionEndExcluding": "5.7.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B0D740-75B1-4953-A99F-965F999FDC64",
"versionEndExcluding": "8.0.27",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_server:5.7.36:*:*:*:*:*:*:*",
"matchCriteriaId": "A3F3390B-4081-473F-A5E0-B5E3A3888F04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C56CECB-6B97-406C-8761-8B7F74CA7DEF",
"versionEndExcluding": "8.0.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7167D144-C4AE-487F-B59A-888E10EA59DF",
"versionEndExcluding": "21.1.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71CB79ED-A93E-4CBD-BCDD-82C5A00B373B",
"versionEndExcluding": "2.12.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_cs_sa_integration_pack:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E4859861-C2EC-489F-A3B7-ACF85C709C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_cs_sa_integration_pack:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "247C0D05-C76B-44BC-8750-C716FF980D70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_people_tools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CB2872-747C-47AC-8463-DD759BF105B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_people_tools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "1DBC53C9-75EC-46F7-907D-63BB74864CD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_people_tools:8.59:*:*:*:*:*:*:*",
"matchCriteriaId": "D370F2E3-EF8A-440C-8319-D52FA3431428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F47057A9-2DDE-4178-B140-F7D70EAED8F6",
"versionEndIncluding": "12.2.24",
"versionStartIncluding": "12.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8B3B57-73D6-4402-987F-8AE723D52F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_analytics:18.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA9948AB-0CA6-4148-949C-E500466B45F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_analytics:19.12.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56D17905-5E69-4BD5-973B-30662AC3D678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_analytics:20.12.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70E72A74-F6A9-48EE-9279-3D9E53C2EC30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_data_warehouse:18.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F14C6AB5-CC45-4753-A60F-1F527B063127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_data_warehouse:19.12.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "583BBDF1-DBE4-486D-ABF8-7D2B0408490A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_data_warehouse:20.12.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9810151-6F80-48FD-A51E-F063EB2B7324",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48",
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A621A5AE-6974-4BA5-B1AC-7130A46F68F5",
"versionEndIncluding": "18.8.13",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4096281D-2EBA-490D-8180-3C9D05EB890A",
"versionEndIncluding": "19.12.12",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792",
"versionEndIncluding": "20.12.7",
"versionStartIncluding": "20.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15F45363-236B-4040-8AE4-C6C0E204EDBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB9BA0D-7149-4221-A5AE-D4664E11C86F",
"versionEndIncluding": "17.12.0.0-17.12.20.0",
"versionStartIncluding": "17.12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFE4EAC8-A743-4658-AD72-088A5E747180",
"versionEndIncluding": "18.8.24.0",
"versionStartIncluding": "18.8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0DEC50-F4CD-4ACA-A118-D4F0D4F4C981",
"versionEndIncluding": "19.12.18.0",
"versionStartIncluding": "19.12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "651104CE-0569-4E6D-ACAB-AD2AC85084DD",
"versionEndIncluding": "20.12.12.0",
"versionStartIncluding": "20.12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45D89239-9142-46BD-846D-76A5A74A67B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E867F5E0-48A0-4D84-A0CA-A428FB2264D4",
"versionEndIncluding": "17.12.20.0",
"versionStartIncluding": "17.12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05B3FCDE-7EF8-49CA-9C09-9033E5D7B91E",
"versionEndIncluding": "18.8.24.0",
"versionStartIncluding": "18.8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05848067-59FF-4C90-A8BA-D1E4311B3A82",
"versionEndIncluding": "19.12.17.0",
"versionStartIncluding": "19.12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6AD8C8-96ED-4CFB-9953-99139FABCE35",
"versionEndIncluding": "20.12.9.0",
"versionStartIncluding": "20.12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F67F218D-E827-482B-8417-483713F31D69",
"versionEndIncluding": "18.0.3.0",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0ADB354B-AD0D-4EFA-B7C6-71A35FA0AFF9",
"versionEndIncluding": "19.0.1.2",
"versionStartIncluding": "19.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_portfolio_management:20.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53B3B01A-532C-45B7-9BFC-19AABF55644B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_portfolio_management:20.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "683ABA64-9F16-4C23-8AF3-BB0C19FED9B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rapid_planning:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE004F32-F4DA-45A8-AD11-8924C4F1076A",
"versionEndIncluding": "12.2.11",
"versionStartIncluding": "12.2.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:real-time_decision_server:3.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C914A8CA-352B-4B02-8A2F-D5A6EC04AF53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CADD7026-EF85-40A5-8563-7A34C6941B1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58F019E8-F68D-41B5-9480-0A81616F2E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rest_data_services:21.2.4:*:*:*:-:*:*:*",
"matchCriteriaId": "12F5FDCF-EA13-44F1-B3D8-94310CD3841C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_allocation:14.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51E83F05-B691-4450-BCA9-32209AEC4F6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_allocation:15.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "288235F9-2F9E-469A-BE14-9089D0782875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_allocation:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6672F9C1-DA04-47F1-B699-C171511ACE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_allocation:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11E57939-A543-44F7-942A-88690E39EABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90D4D479-0294-4F31-B719-8544C8DC4554",
"versionEndIncluding": "16.0.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "48C9BD8E-7214-4B44-B549-6F11B3EA8A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_insights:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08DF20EA-D1A6-4437-90F6-C0C40273CE5B",
"versionEndIncluding": "16.0.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B92BB355-DB00-438E-84E5-8EC007009576",
"versionEndIncluding": "19.0",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F3796186-D3A7-4259-846B-165AD9CEB7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CEDA5540-692D-47DA-9F68-83158D9AE628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5435583-C454-4AC9-8A35-D2D30EB252EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2140357-503A-4D2A-A099-CFA4DC649E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAE5686-8E11-4EF1-BC7E-5C565F2440C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "31FFE404-027E-4B59-B3EF-BD20E1F7EECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "798E4FEE-9B2B-436E-A2B3-B8AA1079892A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6B042849-7EF5-4A5F-B6CD-712C0B8735BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7435071D-0C95-4686-A978-AFC4C9A0D0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_fiscal_management:14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F6FD19-A314-4A1F-96CB-6DB1CED79430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A921C710-1C59-429F-B985-67C0DBFD695E",
"versionEndIncluding": "16.0.3",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "40AABFD3-1D0D-4C6B-BA9A-9DA70241B51C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEF867A-587A-45E1-B2F6-0B903903F0F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFCE558-9972-46A2-8539-C16044F1BAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDF4CB0-4680-449A-8576-915721D59500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BD311C33-A309-44D5-BBFB-539D72C7F8C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A0472632-4104-4397-B619-C4E86A748465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "48E25E7C-F7E8-4739-8251-00ACD11C12FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BD0D41-1BED-4C4F-95C8-8987C98908DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99B5DC78-1C24-4F2B-A254-D833FAF47013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_point-of-sale:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "274999E6-18ED-46F0-8CF2-56374B3DF174",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6B1A4F12-3E64-41CF-B2B3-B6AB734B69E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:*:*:*:*:*:*:*",
"matchCriteriaId": "9002379B-4FDA-44F3-98EB-0C9B6083E429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24A3C819-5151-4543-A5C6-998C9387C8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:*:*:*:*:*:*:*",
"matchCriteriaId": "476B038D-7F60-482D-87AD-B58BEA35558E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4FB98961-8C99-4490-A6B8-9A5158784F5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:*:*:*:*:*:*:*",
"matchCriteriaId": "AB86C644-7B79-4F87-A06D-C178E8C2B8B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C19C5CC9-544A-4E4D-8F0A-579BB5270F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_price_management:14.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1A9B0C-735A-40B4-901C-663CF5162E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_price_management:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B956113-5B3B-436D-858B-8F29FB304364",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_price_management:14.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DD7FAB-0E0F-4319-95BF-C90881CE2E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E8917F6-00E7-47EC-B86D-A3B11D5F0E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_price_management:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC456422-00B5-498E-A28E-EA834367D943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC5F424-119D-4C66-8251-E735EEFBC0BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_price_management:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C745606-0EF8-4E57-BFBC-C3FB39CB7E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE45891-A6A5-4699-90A6-6F49E60A7987",
"versionEndIncluding": "16.0.3",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "054F9E62-A6D6-4850-83AD-3628C74A4384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E702EBED-DB39-4084-84B1-258BC5FE7545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7956BF-D5B6-484B-999C-36B45CD8B75B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D14A54A-4B04-41DE-B731-844D8AC3BE23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA6B655-A445-42E5-B6D9-70AB1C04774A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_size_profile_optimization:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "74ACC94B-4A9F-451D-B639-6008A108BDDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "073FEA23-E46A-4C73-9D29-95CFF4F5A59D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FB468-EAF3-4E67-95E7-DF92C281C1F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "667A06DE-E173-406F-94DA-1FE64BCFAE18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77E39D5C-5EFA-4FEB-909E-0A92004F2563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06816711-7C49-47B9-A9D7-FB18CC3F42F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8929B61-16EC-4FE0-98A5-1CC7CC7FD9CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:siebel_applications:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CA63BB4-27A9-4B26-B01C-1F527C7B9454",
"versionEndExcluding": "21.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:spatial_studio:21.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D926BD38-E66E-41DA-9F65-40D68F8D8890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:thesaurus_management_system:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "01E3B232-073E-433B-977A-1742B75109B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:thesaurus_management_system:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F6FDC33-D57E-4C6A-B633-BFC587147037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:thesaurus_management_system:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B01572-9D32-44B2-8FCF-C282C887DB51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*",
"matchCriteriaId": "513AE97F-161C-43D2-B2D1-653125A9E920",
"versionEndExcluding": "11.2.2.8.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34656ECE-15CB-495C-8573-7C98B383F15B",
"versionEndExcluding": "21.1.1.1.0",
"versionStartIncluding": "21.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51309958-121D-4649-AB9A-EBFA3A49F7CB",
"versionEndIncluding": "4.3.0.6.0",
"versionStartIncluding": "4.3.0.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5435B365-BFF3-4A9E-B45C-42D8F1E20FB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B393A82-476A-4270-A903-38ED4169E431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3ED272C-A545-4F8C-86C0-2736B3F2DCAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B4C338-11E1-4235-9D5A-960B2711AC39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C93F84E-9680-44EF-8656-D27440B51698",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91A2A4B0-88FC-41D1-8719-4FAABED19F8E",
"versionEndExcluding": "6.1.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:zfs_storage_application_integration_engineering_software:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB85582D-0106-47F1-894F-0BC4FF0B5462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7569C0BD-16C1-441E-BAEB-840C94BE73EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
"matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8C192B-8044-4BF9-9F1F-57371FC0E8FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:fujitsu_m10-1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DB505EC-A54C-4033-B3A6-24CEF87A855D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oracle:fujitsu_m10-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F63BFBA-A4D8-43D1-A13E-DEED6AEF596B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:fujitsu_m10-4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A48DA6-C5A5-4B3D-B43B-31380223A55A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oracle:fujitsu_m10-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4BB5347-D09D-4FC5-9F1C-7F3E036C18AD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:fujitsu_m10-4s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB27AABE-079B-4DF0-ABEF-0D3329685B1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oracle:fujitsu_m10-4s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "529D4274-F33B-47C7-A3FB-6F86096FD955",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:fujitsu_m12-1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2D622F-E345-4A4D-861F-6460DF56880C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oracle:fujitsu_m12-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A534E662-66B7-448B-A763-6B043112C877",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:fujitsu_m12-2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCBEE0C8-CC99-4A25-9342-208D4DB91AAD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oracle:fujitsu_m12-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95541D18-5C33-49E9-924D-0B21162EC2C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:fujitsu_m12-2s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5C60CD-F890-4E3F-A2C3-9153591E7647",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oracle:fujitsu_m12-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22FD4F61-0A4F-4C74-A852-B1CD3639E1D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotaci\u00f3n del validador SafeHtml no puede sanear apropiadamente las cargas \u00fatiles que consisten en c\u00f3digo potencialmente malicioso en los comentarios e instrucciones HTML. Esta vulnerabilidad puede resultar en un ataque de tipo XSS."
}
],
"id": "CVE-2019-10219",
"lastModified": "2025-07-07T14:15:21.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-08T15:15:11.157",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Adapted/CVE-2019-10219"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Origin/CVE-2019-10219/exploit"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0024/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56ceee"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Adapted/CVE-2019-10219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Origin/CVE-2019-10219/exploit"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0024/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
GHSA-M8P2-495H-CCMH
Vulnerability from github – Published: 2020-01-08 17:01 – Updated: 2025-09-12 20:10
VLAI?
Summary
The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks
Details
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
Severity ?
6.5 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.hibernate.validator:hibernate-validator"
},
"ranges": [
{
"events": [
{
"introduced": "6.1.0.Alpha1"
},
{
"fixed": "6.1.0.Alpha6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 6.0.17.Final"
},
"package": {
"ecosystem": "Maven",
"name": "org.hibernate.validator:hibernate-validator"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0.Alpha1"
},
{
"fixed": "6.0.18.Final"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.hibernate:hibernate-validator"
},
"ranges": [
{
"events": [
{
"introduced": "6.1.0.Alpha1"
},
{
"fixed": "6.1.0.Alpha6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 6.0.17.Final"
},
"package": {
"ecosystem": "Maven",
"name": "org.hibernate:hibernate-validator"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0.Alpha1"
},
{
"fixed": "6.0.18.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-10219"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2020-01-08T17:00:14Z",
"nvd_published_at": "2019-11-08T15:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.",
"id": "GHSA-m8p2-495h-ccmh",
"modified": "2025-09-12T20:10:35Z",
"published": "2020-01-08T17:01:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10219"
},
{
"type": "WEB",
"url": "https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee"
},
{
"type": "WEB",
"url": "https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56ceee"
},
{
"type": "WEB",
"url": "https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220210-0024"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a@%3Cpluto-dev.portals.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c@%3Cpluto-dev.portals.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4@%3Cpluto-scm.portals.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf@%3Cnotifications.accumulo.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d@%3Cnotifications.accumulo.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6@%3Cnotifications.accumulo.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E"
},
{
"type": "WEB",
"url": "https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Origin/CVE-2019-10219/exploit"
},
{
"type": "WEB",
"url": "https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Adapted/CVE-2019-10219"
},
{
"type": "PACKAGE",
"url": "https://github.com/hibernate/hibernate-validator"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks"
}
GSD-2019-10219
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-10219",
"description": "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.",
"id": "GSD-2019-10219",
"references": [
"https://access.redhat.com/errata/RHSA-2020:5568",
"https://access.redhat.com/errata/RHSA-2020:4366",
"https://access.redhat.com/errata/RHSA-2020:2321",
"https://access.redhat.com/errata/RHSA-2020:2067",
"https://access.redhat.com/errata/RHSA-2020:0445",
"https://access.redhat.com/errata/RHSA-2020:0164",
"https://access.redhat.com/errata/RHSA-2020:0161",
"https://access.redhat.com/errata/RHSA-2020:0160",
"https://access.redhat.com/errata/RHSA-2020:0159"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-10219"
],
"details": "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.",
"id": "GSD-2019-10219",
"modified": "2023-12-13T01:23:59.561483Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "hibernate-validator",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Hibernate"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[accumulo-notifications] 20200108 [GitHub] [accumulo] milleruntime opened a new pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf@%3Cnotifications.accumulo.apache.org%3E"
},
{
"name": "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime closed pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6@%3Cnotifications.accumulo.apache.org%3E"
},
{
"name": "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime commented on issue #1469: Update hibernate-validator. Fixes CVE-2019-10219",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d@%3Cnotifications.accumulo.apache.org%3E"
},
{
"name": "RHSA-2020:0164",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"name": "RHSA-2020:0159",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"name": "RHSA-2020:0160",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"name": "RHSA-2020:0161",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"name": "RHSA-2020:0445",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a@%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c@%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-791 Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4@%3Cpluto-scm.portals.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220210-0024/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220210-0024/"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,6.0.18)",
"affected_versions": "All versions before 6.0.18",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-79",
"CWE-937"
],
"date": "2021-08-04",
"description": "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.",
"fixed_versions": [
"6.0.18"
],
"identifier": "CVE-2019-10219",
"identifiers": [
"GHSA-m8p2-495h-ccmh",
"CVE-2019-10219"
],
"not_impacted": "All versions starting from 6.0.18",
"package_slug": "maven/org.hibernate.validator/hibernate-validator",
"pubdate": "2020-01-08",
"solution": "Upgrade to version 6.0.18 or above.",
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-10219",
"https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56ceee",
"https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe",
"https://github.com/advisories/GHSA-m8p2-495h-ccmh"
],
"uuid": "23e75a2e-49b8-47f3-968c-126b37e45c11"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:hibernate_validator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.0.18",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netapp:element:-:*:*:*:*:vcenter_server:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:access_manager:11.1.2.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:access_manager:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:bi_publisher:11.1.1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-sale:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:argus_safety:8.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.2",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_opera_5_property_services:5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hyperion_financial_management:11.1.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.0",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.3.0.6.0",
"versionStartIncluding": "4.3.0.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:airlines_data_model:12.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:airlines_data_model:12.2.0.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_performance_management:13.4.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_performance_management:13.5.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:argus_analytics:8.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:argus_analytics:8.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:argus_analytics:8.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:argus_analytics:8.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:argus_insight:8.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:argus_insight:8.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:argus_insight:8.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:argus_safety:8.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:argus_safety:8.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:18.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:18.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:18.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:17.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_enterprise_default_managment:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4.0",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4.1",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_application_session_controller:3.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.0.4.0.0",
"versionStartIncluding": "12.0.1.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_data_model:11.3.2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_data_model:11.3.2.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_data_model:11.3.2.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_data_model:12.1.0.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_data_model:12.1.2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.1.0",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.4",
"versionStartIncluding": "16.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.0.4.0.0",
"versionStartIncluding": "12.0.1.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_server:21c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.6.4",
"versionStartIncluding": "12.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.1",
"versionStartIncluding": "8.0.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_data_repository:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hyperion_financial_management:11.2.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:java_se:7u321:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:java_se:8u311:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.6.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.4.34",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.5.24",
"versionStartIncluding": "7.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.6.20",
"versionStartIncluding": "7.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.27",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.27",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_connectors:8.0.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.7.36",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_server:5.7.36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.27",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.27",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.1.12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_cs_sa_integration_pack:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_cs_sa_integration_pack:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.13",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.12",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20.12.7",
"versionStartIncluding": "20.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.18.0",
"versionStartIncluding": "19.12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20.12.12.0",
"versionStartIncluding": "20.12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_portfolio_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.0.3.0",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_portfolio_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.0.1.2",
"versionStartIncluding": "19.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_portfolio_management:20.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_portfolio_management:20.0.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:real-time_decision_server:3.2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_allocation:14.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_allocation:15.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_allocation:16.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_allocation:19.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.0.3",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:14.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.0.3",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_size_profile_optimization:16.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.1.32",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_express:21.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:clinical:5.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:clinical:5.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:demantra_demand_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.2.11",
"versionStartIncluding": "12.2.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.2.11",
"versionStartIncluding": "12.2.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.1.2.4.47",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:essbase:11.1.2.4.47:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.3",
"versionStartIncluding": "21.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:essbase_administration_services:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.1.2.4.47",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:essbase_administration_services:11.1.2.4.47:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:7.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.1",
"versionStartIncluding": "8.0.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.3.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "19.1.0.0.220118",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.5.0.0.220118",
"versionStartIncluding": "21.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_clinical_development_analytics:4.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_inform_crf_submit:6.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.0.2",
"versionStartIncluding": "7.3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hyperion_ilearning:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hyperion_ilearning:6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_data_gateway:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_data_gateway:11.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_data_gateway:11.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_data_gateway:11.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_data_gateway:11.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.6.0",
"versionStartIncluding": "5.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:java_se:17.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.12.42",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_people_tools:8.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_people_tools:8.58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_people_tools:8.59:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.2.24",
"versionStartIncluding": "12.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_analytics:18.8.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_analytics:19.12.11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_analytics:20.12.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_data_warehouse:18.8.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_data_warehouse:19.12.11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_data_warehouse:20.12.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.0.0-17.12.20.0",
"versionStartIncluding": "17.12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.24.0",
"versionStartIncluding": "18.8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.20.0",
"versionStartIncluding": "17.12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.24.0",
"versionStartIncluding": "18.8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.17.0",
"versionStartIncluding": "19.12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20.12.9.0",
"versionStartIncluding": "20.12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.2.11",
"versionStartIncluding": "12.2.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:21.2.4:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.0.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.0.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_fiscal_management:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:14.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:16.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:siebel_applications:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:spatial_studio:21.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:thesaurus_management_system:5.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:thesaurus_management_system:5.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:thesaurus_management_system:5.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.2.2.8.27",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.1.1.1.0",
"versionStartIncluding": "21.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:zfs_storage_application_integration_engineering_software:1.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m10-1_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m10-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m10-4_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m10-4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m10-4s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m10-4s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m12-1_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m12-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m12-2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m12-2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m12-2s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m12-2s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10219"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219"
},
{
"name": "[accumulo-notifications] 20200108 [GitHub] [accumulo] milleruntime opened a new pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf@%3Cnotifications.accumulo.apache.org%3E"
},
{
"name": "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime closed pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6@%3Cnotifications.accumulo.apache.org%3E"
},
{
"name": "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime commented on issue #1469: Update hibernate-validator. Fixes CVE-2019-10219",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d@%3Cnotifications.accumulo.apache.org%3E"
},
{
"name": "RHSA-2020:0164",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"name": "RHSA-2020:0160",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"name": "RHSA-2020:0161",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"name": "RHSA-2020:0159",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"name": "RHSA-2020:0445",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"name": "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-791 Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4@%3Cpluto-scm.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c@%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a@%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220210-0024/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0024/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2022-09-12T13:51Z",
"publishedDate": "2019-11-08T15:15Z"
}
}
}
RHSA-2020:0159
Vulnerability from csaf_redhat - Published: 2020-01-21 02:57 - Updated: 2026-05-14 22:24Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.6 on RHEL 6 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.2.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)
* jboss-cli: JBoss EAP: Vault system property security attribute value is revealed on CLI 'reload' command (CVE-2019-14885)
* netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers (CVE-2019-16869)
* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariConfig (CVE-2019-14540)
* jackson-databind: Serialization gadgets in classes of the commons-dbcp package (CVE-2019-16942)
* jackson-databind: Serialization gadgets in classes of the commons-configuration package (CVE-2019-14892)
* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)
* jackson-databind: Serialization gadgets in classes of the p6spy package (CVE-2019-16943)
* jackson-databind: polymorphic typing issue when enabling default typing for an externally exposed JSON endpoint and having apache-log4j-extra in the classpath leads to code execution (CVE-2019-17531)
* jackson-databind: Serialization gadgets in classes of the xalan package (CVE-2019-14893)
* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)
* jackson-databind: Serialization gadgets in classes of the ehcache package (CVE-2019-17267)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
6.5 (Medium)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the JBoss EAP Vault system. Confidential information of the system property’s security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information.
5.4 (Medium)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the p6spy gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
8.1 (High)
Affected products
Fixed
101 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
88 references
Acknowledgments
Samsung R&D Institute Poland
Dominik Mizyn
Verizon Media
Henning Baldersheim
Håvard Pettersen
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.2.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)\n\n* jboss-cli: JBoss EAP: Vault system property security attribute value is revealed on CLI \u0027reload\u0027 command (CVE-2019-14885)\n\n* netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers (CVE-2019-16869)\n\n* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariConfig (CVE-2019-14540)\n\n* jackson-databind: Serialization gadgets in classes of the commons-dbcp package (CVE-2019-16942)\n\n* jackson-databind: Serialization gadgets in classes of the commons-configuration package (CVE-2019-14892)\n\n* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)\n\n* jackson-databind: Serialization gadgets in classes of the p6spy package (CVE-2019-16943)\n\n* jackson-databind: polymorphic typing issue when enabling default typing for an externally exposed JSON endpoint and having apache-log4j-extra in the classpath leads to code execution (CVE-2019-17531)\n\n* jackson-databind: Serialization gadgets in classes of the xalan package (CVE-2019-14893)\n\n* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)\n\n* jackson-databind: Serialization gadgets in classes of the ehcache package (CVE-2019-17267)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0159",
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1738673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1738673"
},
{
"category": "external",
"summary": "1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "1755849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849"
},
{
"category": "external",
"summary": "1758167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167"
},
{
"category": "external",
"summary": "1758171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171"
},
{
"category": "external",
"summary": "1758182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182"
},
{
"category": "external",
"summary": "1758187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758187"
},
{
"category": "external",
"summary": "1758191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758191"
},
{
"category": "external",
"summary": "1758619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619"
},
{
"category": "external",
"summary": "1770615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770615"
},
{
"category": "external",
"summary": "1772464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464"
},
{
"category": "external",
"summary": "1775293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775293"
},
{
"category": "external",
"summary": "JBEAP-17491",
"url": "https://issues.redhat.com/browse/JBEAP-17491"
},
{
"category": "external",
"summary": "JBEAP-17541",
"url": "https://issues.redhat.com/browse/JBEAP-17541"
},
{
"category": "external",
"summary": "JBEAP-17651",
"url": "https://issues.redhat.com/browse/JBEAP-17651"
},
{
"category": "external",
"summary": "JBEAP-17652",
"url": "https://issues.redhat.com/browse/JBEAP-17652"
},
{
"category": "external",
"summary": "JBEAP-17666",
"url": "https://issues.redhat.com/browse/JBEAP-17666"
},
{
"category": "external",
"summary": "JBEAP-17773",
"url": "https://issues.redhat.com/browse/JBEAP-17773"
},
{
"category": "external",
"summary": "JBEAP-17779",
"url": "https://issues.redhat.com/browse/JBEAP-17779"
},
{
"category": "external",
"summary": "JBEAP-17789",
"url": "https://issues.redhat.com/browse/JBEAP-17789"
},
{
"category": "external",
"summary": "JBEAP-17805",
"url": "https://issues.redhat.com/browse/JBEAP-17805"
},
{
"category": "external",
"summary": "JBEAP-17834",
"url": "https://issues.redhat.com/browse/JBEAP-17834"
},
{
"category": "external",
"summary": "JBEAP-17837",
"url": "https://issues.redhat.com/browse/JBEAP-17837"
},
{
"category": "external",
"summary": "JBEAP-17887",
"url": "https://issues.redhat.com/browse/JBEAP-17887"
},
{
"category": "external",
"summary": "JBEAP-17898",
"url": "https://issues.redhat.com/browse/JBEAP-17898"
},
{
"category": "external",
"summary": "JBEAP-17905",
"url": "https://issues.redhat.com/browse/JBEAP-17905"
},
{
"category": "external",
"summary": "JBEAP-17906",
"url": "https://issues.redhat.com/browse/JBEAP-17906"
},
{
"category": "external",
"summary": "JBEAP-17940",
"url": "https://issues.redhat.com/browse/JBEAP-17940"
},
{
"category": "external",
"summary": "JBEAP-17945",
"url": "https://issues.redhat.com/browse/JBEAP-17945"
},
{
"category": "external",
"summary": "JBEAP-17974",
"url": "https://issues.redhat.com/browse/JBEAP-17974"
},
{
"category": "external",
"summary": "JBEAP-17998",
"url": "https://issues.redhat.com/browse/JBEAP-17998"
},
{
"category": "external",
"summary": "JBEAP-18169",
"url": "https://issues.redhat.com/browse/JBEAP-18169"
},
{
"category": "external",
"summary": "JBEAP-18170",
"url": "https://issues.redhat.com/browse/JBEAP-18170"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0159.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.6 on RHEL 6 security update",
"tracking": {
"current_release_date": "2026-05-14T22:24:53+00:00",
"generator": {
"date": "2026-05-14T22:24:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2020:0159",
"initial_release_date": "2020-01-21T02:57:45+00:00",
"revision_history": [
{
"date": "2020-01-21T02:57:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-01-21T02:57:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:24:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.27-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"product_id": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-6.SP3_redhat_00004.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.0.19-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-3.SP2_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"product": {
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"product_id": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-21.SP12_redhat_00010.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"product": {
"name": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"product_id": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-21.SP12_redhat_00010.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.28-2.SP1_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-jastow@2.0.8-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-3.SP2_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.1-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.14-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.14-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.14-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.14-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.14-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.18-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.18-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.42-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-all@4.1.42-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.5-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.5-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.8-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_id": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-3.Final_redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_id": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core-impl@3.0.6-3.Final_redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_id": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core-jsf@3.0.6-3.Final_redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_id": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-ejb@3.0.6-3.Final_redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_id": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-jta@3.0.6-3.Final_redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_id": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-probe-core@3.0.6-3.Final_redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_id": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-web@3.0.6-3.Final_redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.2.11-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.2.11-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.2.11-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.2.11-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_id": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-dataformats-binary@2.9.10-1.redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.9.10-1.redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_id": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.9.10-1.redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_id": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-dataformats-text@2.9.10-1.redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.9.10-1.redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.9.10-1.redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.9.10-1.redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.9.10-1.redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.9.10-1.redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.18-2.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.18-2.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.18-2.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.18-2.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.9.10-2.redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.9.10-2.redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.2.6-5.GA_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.2.6-5.GA_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.2.6-5.GA_redhat_00001.1.el6eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.27-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"product_id": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-6.SP3_redhat_00004.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.0.19-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-3.SP2_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"product": {
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"product_id": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-21.SP12_redhat_00010.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"product_id": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.28-2.SP1_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-jastow@2.0.8-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-3.SP2_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.1-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.14-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.18-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.42-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.5-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.8-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"product": {
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"product_id": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-3.Final_redhat_00003.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.2.11-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product": {
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product_id": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-dataformats-binary@2.9.10-1.redhat_00003.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product_id": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.9.10-1.redhat_00003.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product": {
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product_id": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.9.10-1.redhat_00003.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product": {
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product_id": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-dataformats-text@2.9.10-1.redhat_00003.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.9.10-1.redhat_00003.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.9.10-1.redhat_00003.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.18-2.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"product_id": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-7.Final_redhat_00007.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"product_id": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.9.10-2.redhat_00003.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"product_id": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.2.6-5.GA_redhat_00001.1.el6eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src"
},
"product_reference": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src"
},
"product_reference": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src"
},
"product_reference": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch"
},
"product_reference": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src"
},
"product_reference": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch"
},
"product_reference": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src"
},
"product_reference": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Dominik Mizyn"
],
"organization": "Samsung R\u0026D Institute Poland"
}
],
"cve": "CVE-2019-10219",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-05-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1738673"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: safeHTML validator allows XSS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it is being deprecated and is only receiving security fixes for Important and Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10219"
},
{
"category": "external",
"summary": "RHBZ#1738673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1738673"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10219",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10219"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10219",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10219"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee",
"url": "https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe",
"url": "https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe"
}
],
"release_date": "2019-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:57:45+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: safeHTML validator allows XSS"
},
{
"cve": "CVE-2019-14540",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1755849"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14540"
},
{
"category": "external",
"summary": "RHBZ#1755849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540"
}
],
"release_date": "2019-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:57:45+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"category": "workaround",
"details": "This vulnerability relies on com.zaxxer.hikari.HikariConfig being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig"
},
{
"cve": "CVE-2019-14885",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2019-10-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1770615"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JBoss EAP Vault system. Confidential information of the system property\u2019s security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI \u0027reload\u0027 command. This flaw can lead to the exposure of confidential information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: Vault system property security attribute value is revealed on CLI \u0027reload\u0027 command",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14885"
},
{
"category": "external",
"summary": "RHBZ#1770615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14885",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14885"
}
],
"release_date": "2020-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:57:45+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "EAP: Vault system property security attribute value is revealed on CLI \u0027reload\u0027 command"
},
{
"acknowledgments": [
{
"names": [
"Henning Baldersheim",
"H\u00e5vard Pettersen"
],
"organization": "Verizon Media"
}
],
"cve": "CVE-2019-14888",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1772464"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14888"
},
{
"category": "external",
"summary": "RHBZ#1772464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14888",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14888"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888"
}
],
"release_date": "2020-01-20T12:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:57:45+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"category": "workaround",
"details": "Enable HTTP2 (enable-http2=\"true\") in the undertow\u0027s HTTPS settings.",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS"
},
{
"cve": "CVE-2019-14892",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758171"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the commons-configuration package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14892"
},
{
"category": "external",
"summary": "RHBZ#1758171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892"
}
],
"release_date": "2019-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:57:45+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the commons-configuration package"
},
{
"cve": "CVE-2019-14893",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758182"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the xalan package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14893"
},
{
"category": "external",
"summary": "RHBZ#1758182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893"
}
],
"release_date": "2019-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:57:45+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the xalan package"
},
{
"cve": "CVE-2019-16335",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1755831"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16335"
},
{
"category": "external",
"summary": "RHBZ#1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335"
}
],
"release_date": "2019-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:57:45+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"category": "workaround",
"details": "This vulnerability relies on com.zaxxer.hikari.HikariDataSource being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource"
},
{
"cve": "CVE-2019-16869",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758619"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that this vulnerability does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16869"
},
{
"category": "external",
"summary": "RHBZ#1758619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869"
}
],
"release_date": "2019-09-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:57:45+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"category": "workaround",
"details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers"
},
{
"cve": "CVE-2019-16942",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758187"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16942"
},
{
"category": "external",
"summary": "RHBZ#1758187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758187"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16942",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16942"
}
],
"release_date": "2019-09-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:57:45+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*"
},
{
"cve": "CVE-2019-16943",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758191"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the p6spy gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16943"
},
{
"category": "external",
"summary": "RHBZ#1758191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758191"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16943",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16943"
}
],
"release_date": "2019-09-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:57:45+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource"
},
{
"cve": "CVE-2019-17267",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the ehcache package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat OpenShift Container Platform does ship the vulnerable component, but does not enable the unsafe conditions needed to exploit, lowering their vulnerability impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17267"
},
{
"category": "external",
"summary": "RHBZ#1758167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267"
}
],
"release_date": "2019-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:57:45+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the ehcache package"
},
{
"cve": "CVE-2019-17531",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-11-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1775293"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenShift Container Platform does ship the vulnerable component, but does not enable the unsafe conditions needed to exploit, lowering their vulnerability impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17531"
},
{
"category": "external",
"summary": "RHBZ#1775293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17531",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17531"
}
],
"release_date": "2019-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T02:57:45+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*"
}
]
}
RHSA-2020:0160
Vulnerability from csaf_redhat - Published: 2020-01-21 03:47 - Updated: 2026-05-14 22:24Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.6 on RHEL 7 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.2.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening
on HTTPS (CVE-2019-14888)
* jboss-cli: JBoss EAP: Vault system property security attribute value is
revealed on CLI 'reload' command (CVE-2019-14885)
* netty: HTTP request smuggling by mishandled whitespace before the colon in
HTTP headers (CVE-2019-16869)
* jackson-databind: polymorphic typing issue related to
com.zaxxer.hikari.HikariConfig (CVE-2019-14540)
* jackson-databind: Serialization gadgets in classes of the commons-dbcp package
(CVE-2019-16942)
* jackson-databind: Serialization gadgets in classes of the
commons-configuration package (CVE-2019-14892)
* jackson-databind: polymorphic typing issue related to
com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)
* jackson-databind: Serialization gadgets in classes of the p6spy package
(CVE-2019-16943)
* jackson-databind: polymorphic typing issue when enabling default typing for an
externally exposed JSON endpoint and having apache-log4j-extra in the classpath
leads to code execution (CVE-2019-17531)
* jackson-databind: Serialization gadgets in classes of the xalan package
(CVE-2019-14893)
* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)
* jackson-databind: Serialization gadgets in classes of the ehcache package
(CVE-2019-17267)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
6.5 (Medium)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the JBoss EAP Vault system. Confidential information of the system property’s security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information.
5.4 (Medium)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the p6spy gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
7.5 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
8.1 (High)
Affected products
Fixed
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
88 references
Acknowledgments
Samsung R&D Institute Poland
Dominik Mizyn
Verizon Media
Henning Baldersheim
Håvard Pettersen
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.2.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening\non HTTPS (CVE-2019-14888)\n\n* jboss-cli: JBoss EAP: Vault system property security attribute value is\nrevealed on CLI \u0027reload\u0027 command (CVE-2019-14885)\n\n* netty: HTTP request smuggling by mishandled whitespace before the colon in\nHTTP headers (CVE-2019-16869)\n\n* jackson-databind: polymorphic typing issue related to\ncom.zaxxer.hikari.HikariConfig (CVE-2019-14540)\n\n* jackson-databind: Serialization gadgets in classes of the commons-dbcp package\n(CVE-2019-16942)\n\n* jackson-databind: Serialization gadgets in classes of the\ncommons-configuration package (CVE-2019-14892)\n\n* jackson-databind: polymorphic typing issue related to\ncom.zaxxer.hikari.HikariDataSource (CVE-2019-16335)\n\n* jackson-databind: Serialization gadgets in classes of the p6spy package\n(CVE-2019-16943)\n\n* jackson-databind: polymorphic typing issue when enabling default typing for an\nexternally exposed JSON endpoint and having apache-log4j-extra in the classpath\nleads to code execution (CVE-2019-17531)\n\n* jackson-databind: Serialization gadgets in classes of the xalan package\n(CVE-2019-14893)\n\n* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)\n\n* jackson-databind: Serialization gadgets in classes of the ehcache package\n(CVE-2019-17267)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0160",
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1738673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1738673"
},
{
"category": "external",
"summary": "1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "1755849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849"
},
{
"category": "external",
"summary": "1758167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167"
},
{
"category": "external",
"summary": "1758171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171"
},
{
"category": "external",
"summary": "1758182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182"
},
{
"category": "external",
"summary": "1758187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758187"
},
{
"category": "external",
"summary": "1758191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758191"
},
{
"category": "external",
"summary": "1758619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619"
},
{
"category": "external",
"summary": "1770615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770615"
},
{
"category": "external",
"summary": "1772464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464"
},
{
"category": "external",
"summary": "1775293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775293"
},
{
"category": "external",
"summary": "JBEAP-17491",
"url": "https://issues.redhat.com/browse/JBEAP-17491"
},
{
"category": "external",
"summary": "JBEAP-17541",
"url": "https://issues.redhat.com/browse/JBEAP-17541"
},
{
"category": "external",
"summary": "JBEAP-17651",
"url": "https://issues.redhat.com/browse/JBEAP-17651"
},
{
"category": "external",
"summary": "JBEAP-17652",
"url": "https://issues.redhat.com/browse/JBEAP-17652"
},
{
"category": "external",
"summary": "JBEAP-17666",
"url": "https://issues.redhat.com/browse/JBEAP-17666"
},
{
"category": "external",
"summary": "JBEAP-17773",
"url": "https://issues.redhat.com/browse/JBEAP-17773"
},
{
"category": "external",
"summary": "JBEAP-17779",
"url": "https://issues.redhat.com/browse/JBEAP-17779"
},
{
"category": "external",
"summary": "JBEAP-17789",
"url": "https://issues.redhat.com/browse/JBEAP-17789"
},
{
"category": "external",
"summary": "JBEAP-17805",
"url": "https://issues.redhat.com/browse/JBEAP-17805"
},
{
"category": "external",
"summary": "JBEAP-17835",
"url": "https://issues.redhat.com/browse/JBEAP-17835"
},
{
"category": "external",
"summary": "JBEAP-17837",
"url": "https://issues.redhat.com/browse/JBEAP-17837"
},
{
"category": "external",
"summary": "JBEAP-17887",
"url": "https://issues.redhat.com/browse/JBEAP-17887"
},
{
"category": "external",
"summary": "JBEAP-17898",
"url": "https://issues.redhat.com/browse/JBEAP-17898"
},
{
"category": "external",
"summary": "JBEAP-17905",
"url": "https://issues.redhat.com/browse/JBEAP-17905"
},
{
"category": "external",
"summary": "JBEAP-17906",
"url": "https://issues.redhat.com/browse/JBEAP-17906"
},
{
"category": "external",
"summary": "JBEAP-17940",
"url": "https://issues.redhat.com/browse/JBEAP-17940"
},
{
"category": "external",
"summary": "JBEAP-17945",
"url": "https://issues.redhat.com/browse/JBEAP-17945"
},
{
"category": "external",
"summary": "JBEAP-17974",
"url": "https://issues.redhat.com/browse/JBEAP-17974"
},
{
"category": "external",
"summary": "JBEAP-17998",
"url": "https://issues.redhat.com/browse/JBEAP-17998"
},
{
"category": "external",
"summary": "JBEAP-18169",
"url": "https://issues.redhat.com/browse/JBEAP-18169"
},
{
"category": "external",
"summary": "JBEAP-18170",
"url": "https://issues.redhat.com/browse/JBEAP-18170"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0160.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.6 on RHEL 7 security update",
"tracking": {
"current_release_date": "2026-05-14T22:24:53+00:00",
"generator": {
"date": "2026-05-14T22:24:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2020:0160",
"initial_release_date": "2020-01-21T03:47:51+00:00",
"revision_history": [
{
"date": "2020-01-21T03:47:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-01-21T03:47:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:24:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.27-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"product_id": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-6.SP3_redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.0.19-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-3.SP2_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"product": {
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"product_id": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-21.SP12_redhat_00010.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"product": {
"name": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"product_id": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-21.SP12_redhat_00010.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.28-2.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-jastow@2.0.8-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-3.SP2_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.1-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.14-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.14-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.14-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.14-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.14-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.42-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-all@4.1.42-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.5-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.5-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.8-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-3.Final_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core-impl@3.0.6-3.Final_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core-jsf@3.0.6-3.Final_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-ejb@3.0.6-3.Final_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-jta@3.0.6-3.Final_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-probe-core@3.0.6-3.Final_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-web@3.0.6-3.Final_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.2.11-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.2.11-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.2.11-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.2.11-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-dataformats-binary@2.9.10-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.9.10-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.9.10-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-dataformats-text@2.9.10-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.9.10-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.9.10-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.9.10-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.9.10-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.9.10-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.2@1.3.1-7.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.9.10-2.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.9.10-2.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.2.6-5.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.2.6-5.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.2.6-5.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.2.6-5.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.2.6-5.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.27-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"product_id": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-6.SP3_redhat_00004.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.0.19-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-3.SP2_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"product": {
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"product_id": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-21.SP12_redhat_00010.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.28-2.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-jastow@2.0.8-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-3.SP2_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.1-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.14-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.18-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.42-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.5-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.8-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"product_id": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-3.Final_redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.2.11-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-dataformats-binary@2.9.10-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.9.10-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.9.10-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-dataformats-text@2.9.10-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.9.10-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.9.10-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.18-2.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-7.Final_redhat_00007.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.9.10-2.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.2.6-5.GA_redhat_00001.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch"
},
"product_reference": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src"
},
"product_reference": "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch"
},
"product_reference": "eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Dominik Mizyn"
],
"organization": "Samsung R\u0026D Institute Poland"
}
],
"cve": "CVE-2019-10219",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-05-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1738673"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: safeHTML validator allows XSS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it is being deprecated and is only receiving security fixes for Important and Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10219"
},
{
"category": "external",
"summary": "RHBZ#1738673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1738673"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10219",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10219"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10219",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10219"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee",
"url": "https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe",
"url": "https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe"
}
],
"release_date": "2019-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:47:51+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: safeHTML validator allows XSS"
},
{
"cve": "CVE-2019-14540",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1755849"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14540"
},
{
"category": "external",
"summary": "RHBZ#1755849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540"
}
],
"release_date": "2019-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:47:51+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"category": "workaround",
"details": "This vulnerability relies on com.zaxxer.hikari.HikariConfig being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig"
},
{
"cve": "CVE-2019-14885",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2019-10-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1770615"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JBoss EAP Vault system. Confidential information of the system property\u2019s security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI \u0027reload\u0027 command. This flaw can lead to the exposure of confidential information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: Vault system property security attribute value is revealed on CLI \u0027reload\u0027 command",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14885"
},
{
"category": "external",
"summary": "RHBZ#1770615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14885",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14885"
}
],
"release_date": "2020-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:47:51+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "EAP: Vault system property security attribute value is revealed on CLI \u0027reload\u0027 command"
},
{
"acknowledgments": [
{
"names": [
"Henning Baldersheim",
"H\u00e5vard Pettersen"
],
"organization": "Verizon Media"
}
],
"cve": "CVE-2019-14888",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1772464"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14888"
},
{
"category": "external",
"summary": "RHBZ#1772464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14888",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14888"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888"
}
],
"release_date": "2020-01-20T12:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:47:51+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"category": "workaround",
"details": "Enable HTTP2 (enable-http2=\"true\") in the undertow\u0027s HTTPS settings.",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS"
},
{
"cve": "CVE-2019-14892",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758171"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the commons-configuration package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14892"
},
{
"category": "external",
"summary": "RHBZ#1758171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892"
}
],
"release_date": "2019-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:47:51+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the commons-configuration package"
},
{
"cve": "CVE-2019-14893",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758182"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the xalan package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14893"
},
{
"category": "external",
"summary": "RHBZ#1758182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893"
}
],
"release_date": "2019-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:47:51+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the xalan package"
},
{
"cve": "CVE-2019-16335",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1755831"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16335"
},
{
"category": "external",
"summary": "RHBZ#1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335"
}
],
"release_date": "2019-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:47:51+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"category": "workaround",
"details": "This vulnerability relies on com.zaxxer.hikari.HikariDataSource being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource"
},
{
"cve": "CVE-2019-16869",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758619"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that this vulnerability does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16869"
},
{
"category": "external",
"summary": "RHBZ#1758619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869"
}
],
"release_date": "2019-09-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:47:51+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"category": "workaround",
"details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers"
},
{
"cve": "CVE-2019-16942",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758187"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16942"
},
{
"category": "external",
"summary": "RHBZ#1758187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758187"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16942",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16942"
}
],
"release_date": "2019-09-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:47:51+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*"
},
{
"cve": "CVE-2019-16943",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758191"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the p6spy gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16943"
},
{
"category": "external",
"summary": "RHBZ#1758191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758191"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16943",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16943"
}
],
"release_date": "2019-09-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:47:51+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource"
},
{
"cve": "CVE-2019-17267",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the ehcache package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat OpenShift Container Platform does ship the vulnerable component, but does not enable the unsafe conditions needed to exploit, lowering their vulnerability impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17267"
},
{
"category": "external",
"summary": "RHBZ#1758167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267"
}
],
"release_date": "2019-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:47:51+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the ehcache package"
},
{
"cve": "CVE-2019-17531",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-11-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1775293"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenShift Container Platform does ship the vulnerable component, but does not enable the unsafe conditions needed to exploit, lowering their vulnerability impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17531"
},
{
"category": "external",
"summary": "RHBZ#1775293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17531",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17531"
}
],
"release_date": "2019-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T03:47:51+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…